Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Win7 netbook


  • This topic is locked This topic is locked
28 replies to this topic

#1 Mike Easter

Mike Easter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 04 April 2015 - 11:50 PM

I'm troubleshooting Jack's Win7 HomePrem 64bit netbook which seems to have slow performance.  I'm using TeamViewer remotely and have made some changes to reduce resource use.  It was running AVG & MSE, now it is running Avast Free 2015 and AVG & MSE have been uninstalled. MBAM is used on demand and Spybot S&D is configured to not run in realtime, but just on demand.  I have the TV configured to allow me to be able to login to either user unassisted after boot, as Jack is frequently not available to help on the netbook end.  Maybe the slowness is just because of the resources, as I'm not finding any problem malware, just occasional low threat PUPs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jack (administrator) on JACK-LT on 05-04-2015 00:16:16
Running from C:\Users\Public\Downloads\Bleeping\FRST
Loaded Profiles: Jack (Available profiles: Jack & Logan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\pulm4qoh.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\pulm4qoh.default\user.js [2015-03-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-13]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
S3 efavdrv; C:\Windows\SysWOW64\drivers\efavdrv.sys [115008 2015-02-07] (ESET)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-21] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 20:39 - 2015-04-04 20:39 - 00000000 ____D () C:\Users\Jack\Documents\ProcAlyzer Dumps
2015-04-04 20:19 - 2015-04-04 20:19 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\AVAST Software
2015-04-04 20:15 - 2015-04-04 20:15 - 00275464 _____ () C:\Windows\Minidump\040415-30763-01.dmp
2015-04-04 20:13 - 2015-04-04 20:13 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 20:12 - 2015-04-04 20:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 20:12 - 2015-04-04 20:12 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 20:12 - 2015-04-04 20:12 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 20:10 - 2015-04-04 20:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 19:57 - 2015-04-04 19:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 19:56 - 2015-04-04 19:56 - 00000000 ____D () C:\Users\Jack\AppData\Local\Avg2015
2015-04-04 19:40 - 2015-04-04 19:40 - 00003258 _____ () C:\Windows\System32\Tasks\{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5}
2015-04-04 19:35 - 2015-04-04 19:35 - 05481352 _____ (Avast Software s.r.o.) C:\Users\Public\Downloads\avast_free_antivirus_setup_online.exe
2015-04-04 18:02 - 2015-04-04 18:02 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\LibreOffice
2015-04-04 14:32 - 2015-04-04 14:32 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-04 14:32 - 2015-04-04 14:32 - 00000963 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-03 23:34 - 2015-04-04 02:22 - 00001583 _____ () C:\Users\Public\Documents\Mike543.txt
2015-03-16 19:43 - 2015-03-16 23:10 - 00003140 _____ () C:\Users\Public\Documents\Mike53g.txt
2015-03-16 18:46 - 2015-03-16 18:46 - 00000000 _____ () C:\Windows\SysWOW64\shoB850.tmp
2015-03-16 14:24 - 2015-04-05 00:15 - 00000000 ____D () C:\Users\Public\Downloads\Bleeping
2015-03-16 12:22 - 2015-03-16 12:23 - 07782048 _____ (TeamViewer GmbH) C:\Users\Public\Downloads\TeamViewer_Setup_en-ckj.exe
2015-03-16 07:22 - 2015-03-16 07:22 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en(1).exe
2015-03-16 07:21 - 2015-03-16 07:21 - 01951468 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en (1).exe
2015-03-16 07:20 - 2015-03-16 07:20 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en.exe
2015-03-16 00:08 - 2015-03-16 00:08 - 00000000 _____ () C:\Windows\SysWOW64\sho5838.tmp
2015-03-15 10:13 - 2015-03-15 20:01 - 00000000 ____D () C:\Users\Jack\Downloads\Bleeping
2015-03-14 21:43 - 2015-04-05 00:16 - 00000000 ____D () C:\FRST
2015-03-13 16:59 - 2015-03-13 16:59 - 00001268 _____ () C:\Users\Jack\Desktop\Revo Uninstaller.lnk
2015-03-13 16:59 - 2015-03-13 16:59 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-13 16:55 - 2015-03-13 16:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jack\Downloads\revosetup.exe
2015-03-13 10:28 - 2015-03-13 10:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-13 10:28 - 2015-03-13 10:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-13 03:30 - 2015-03-13 03:30 - 00000000 _____ () C:\Windows\SysWOW64\shoD5D0.tmp
2015-03-12 19:32 - 2015-03-12 19:32 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-03-12 17:36 - 2015-03-13 17:28 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieBrowserModeList
2015-03-12 17:27 - 2015-03-12 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-03-12 17:24 - 2015-03-12 17:25 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\CompuClever
2015-03-12 17:22 - 2015-04-04 17:48 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-12 17:16 - 2015-03-12 17:16 - 00000000 _____ () C:\Users\Jack\Downloads\TeamViewer(4).exe
2015-03-12 16:52 - 2015-03-12 16:53 - 00000000 _____ () C:\Users\Jack\Downloads\TeamViewer.exe
2015-03-12 15:19 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 15:19 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 15:19 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 15:19 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 15:19 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 15:19 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 15:19 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 15:19 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 15:19 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 15:19 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 15:19 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 15:19 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 15:19 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 15:19 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 15:18 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 15:18 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 15:18 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 15:18 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 15:18 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 15:18 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 15:18 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 15:18 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 15:18 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 15:18 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 14:59 - 2015-03-12 15:03 - 00000498 _____ () C:\Windows\wininit.ini
2015-03-12 14:59 - 2015-03-12 14:59 - 00000000 ____D () C:\Users\Logan\AppData\Roaming\TeamViewer
2015-03-12 14:57 - 2015-03-12 14:58 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en(2).exe
2015-03-12 14:53 - 2015-03-12 14:54 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en(1).exe
2015-03-12 14:49 - 2015-03-12 14:58 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en.exe
2015-03-12 03:57 - 2015-03-12 03:57 - 00000000 _____ () C:\Windows\SysWOW64\shoF89E.tmp
2015-03-11 19:44 - 2015-04-04 15:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-11 17:33 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 17:33 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 17:33 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 17:33 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 17:33 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 17:33 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 17:33 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 17:33 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 17:33 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 17:33 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 17:33 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 17:33 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 17:33 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 17:33 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 17:32 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 17:32 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 17:32 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 17:32 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 17:32 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 17:32 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 17:32 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 17:32 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 17:32 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 17:30 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 17:30 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 17:29 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 17:29 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 17:29 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:29 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 17:29 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 17:25 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 17:25 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 17:25 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 17:25 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 17:25 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 17:25 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 17:25 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 17:25 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:25 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 17:25 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 17:25 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 17:25 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 17:25 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 17:25 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 17:25 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 17:25 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 17:25 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 17:25 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 17:25 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:25 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 17:25 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 17:25 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 17:25 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 17:25 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 17:25 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 17:25 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:25 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 17:25 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 17:25 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 17:25 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 17:25 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:25 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 17:25 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 17:24 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:24 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:24 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 17:24 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:24 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:24 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 17:24 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:24 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 17:24 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:24 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 17:24 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:24 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:24 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 17:24 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 17:24 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 17:24 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:24 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:24 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 17:24 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 17:24 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:24 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 17:24 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 17:24 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 17:23 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 17:23 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 16:55 - 2015-03-11 16:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Logan\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-11 15:18 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-11 15:18 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-11 15:17 - 2015-03-11 15:17 - 00002438 _____ () C:\Windows\System32\Tasks\0215avUpdateInfo
2015-03-11 15:17 - 2015-03-11 15:17 - 00000320 _____ () C:\Windows\Tasks\0215avUpdateInfo.job
2015-03-11 15:17 - 2015-03-11 15:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av
2015-03-11 15:13 - 2015-03-11 15:14 - 00000000 ____D () C:\9890b921fda89a2952
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-04 23:46 - 2013-07-12 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 23:27 - 2015-02-07 12:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-04 20:42 - 2014-10-26 00:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 20:36 - 2015-02-07 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-04 20:26 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 20:26 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 20:21 - 2012-01-14 19:04 - 01975778 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 20:18 - 2015-02-07 12:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 20:15 - 2014-11-18 22:51 - 291147715 _____ () C:\Windows\MEMORY.DMP
2015-04-04 20:15 - 2014-11-18 22:51 - 00000000 ____D () C:\Windows\Minidump
2015-04-04 20:15 - 2010-11-20 23:47 - 00163660 _____ () C:\Windows\PFRO.log
2015-04-04 20:15 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 20:15 - 2009-07-14 00:51 - 00051088 _____ () C:\Windows\setupact.log
2015-04-04 19:53 - 2015-01-11 21:11 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-04 19:44 - 2013-07-12 15:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-04 14:58 - 2015-02-07 03:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-03 19:30 - 2015-02-07 12:23 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-26 21:54 - 2014-06-18 13:41 - 00073640 _____ () C:\Users\Logan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-21 15:19 - 2014-01-06 20:05 - 00776078 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-21 15:18 - 2009-07-14 01:13 - 00776078 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 00:19 - 2013-02-24 14:01 - 00073640 _____ () C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 00:18 - 2009-07-14 00:45 - 00328960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 17:53 - 2011-10-24 07:07 - 00000000 ____D () C:\ProgramData\newsXpresso
2015-03-13 17:53 - 2011-10-24 05:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 15:13 - 2013-07-12 17:06 - 00000000 ____D () C:\Users\Jack\AppData\Local\Thunderbird
2015-03-13 14:10 - 2013-10-10 20:48 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2015-03-13 14:10 - 2013-07-12 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 14:09 - 2013-07-12 16:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 14:09 - 2011-10-24 07:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 16:49 - 2013-02-24 14:04 - 00000000 ___RD () C:\Users\Jack\Desktop\Startup
2015-03-12 16:46 - 2013-07-12 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-12 03:23 - 2013-09-02 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:07 - 2013-07-23 03:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
 
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\DRHelper_uninstallComplete.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-16 07:55
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jack at 2015-04-05 00:19:50
Running from C:\Users\Public\Downloads\Bleeping\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Tradewinds Legends (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-03-2015 03:00:24 Windows Update
13-03-2015 17:01:03 Revo Uninstaller's restore point - Consumer Input (remove only)
13-03-2015 17:14:04 Revo Uninstaller's restore point - PC Clean Maestro
13-03-2015 17:23:47 Revo Uninstaller's restore point - Internet Helper Anti-phishing
13-03-2015 17:32:23 Revo Uninstaller's restore point - PC TuneUp Maestro
13-03-2015 17:37:21 Revo Uninstaller's restore point - Roaming Rate
13-03-2015 17:42:55 Revo Uninstaller's restore point - Fooz Kids
13-03-2015 17:43:32 Removed Fooz Kids
13-03-2015 17:46:28 Revo Uninstaller's restore point - Fooz Kids Platform
13-03-2015 17:47:25 Removed Fooz Kids Platform
13-03-2015 17:51:06 Revo Uninstaller's restore point - newsXpresso
13-03-2015 17:52:14 Removed newsXpresso
16-03-2015 19:10:08 Windows Update
21-03-2015 14:19:48 Windows Update
29-03-2015 13:53:19 Windows Update
03-04-2015 19:06:53 Windows Update
04-04-2015 19:46:12 Removed AVG 2015
04-04-2015 19:49:31 Removed AVG 2015
04-04-2015 20:09:19 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C34E8D-37AE-476F-A2A3-05AA00BACF4A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D188EF7-E509-4573-AC0F-E41CBDE5E0B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {3824C0AD-2EFF-4EA0-A12C-6225BE511393} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: {4D5C97CA-2026-4026-904F-F40B11CB9D0F} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4F171C91-A6D3-4A72-8447-A103DB51431D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {5D5408C4-1BEB-49DF-8036-2B268C9D4702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {6FB6C341-7291-4B9C-8C76-472C47CC703F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A046403F-3DF9-4BBC-B237-DB2C12798352} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {C93E2925-BC92-40C4-BDF1-A32593AB992B} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
Task: {E0006AA2-AA9F-44F6-87D9-61EE2A14F31A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {F4BB65A1-075B-4E36-8FA1-778CDD395A77} - System32\Tasks\{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040401\algo.dll
2015-02-07 03:06 - 2014-05-13 16:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-04 20:12 - 2015-04-04 20:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2585673294-479778367-4263575354-500 - Administrator - Disabled)
Guest (S-1-5-21-2585673294-479778367-4263575354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2585673294-479778367-4263575354-1002 - Limited - Enabled)
Jack (S-1-5-21-2585673294-479778367-4263575354-1000 - Administrator - Enabled) => C:\Users\Jack
Logan (S-1-5-21-2585673294-479778367-4263575354-1003 - Limited - Enabled) => C:\Users\Logan
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/04/2015 08:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/04/2015 02:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 02:20:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/03/2015 06:44:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/03/2015 06:09:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2015 07:41:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TeamViewer.exe version 10.0.39052.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: afc
 
Start Time: 01d06a41d4189361
 
Termination Time: 1926
 
Application Path: C:\Program Files (x86)\TeamViewer\TeamViewer.exe
 
Report Id: 02580d27-d66d-11e4-a189-dc0ea1555fe3
 
Error: (03/29/2015 01:09:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
System errors:
=============
Error: (04/04/2015 08:15:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffff96000000000, 0x0000000000000000, 0xfffff960001a8eac, 0x0000000000000000)C:\Windows\MEMORY.DMP040415-30763-01
 
Error: (04/04/2015 08:15:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:12:48 PM on ‎4/‎4/‎2015 was unexpected.
 
Error: (04/04/2015 07:51:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/04/2015 02:49:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/04/2015 02:30:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/04/2015 02:30:14 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/04/2015 02:24:14 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/03/2015 06:35:25 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (04/03/2015 06:34:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service.
 
Error: (04/03/2015 06:34:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
Microsoft Office Sessions:
=========================
Error: (04/04/2015 08:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
 
Error: (04/04/2015 02:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 02:20:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/03/2015 06:44:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/03/2015 06:09:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/29/2015 07:41:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TeamViewer.exe10.0.39052.0afc01d06a41d41893611926C:\Program Files (x86)\TeamViewer\TeamViewer.exe02580d27-d66d-11e4-a189-dc0ea1555fe3
 
Error: (03/29/2015 01:09:45 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
==================== Memory info =========================== 
 
Processor: AMD C-60 APU with Radeon™ HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 1770.9 MB
Available physical RAM: 521.17 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 1485.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:211.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 948B2923)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



BC AdBot (Login to Remove)

 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 06 April 2015 - 07:19 AM

Hello Mike Easter and welcome to BleepingComputer!          :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.           :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

I've sent my next steps to my instructors, please wait a bit.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 07 April 2015 - 11:00 AM

Hi Mike Easter.

 

WildTangent Program Warning

Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although its not technically considered spyware it does have built in components to update itself and gather information about the computer system including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstalled it via add/remove.

Reboot after the uninstallation.<- Important.

 

-------------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

  • Acer Games
  • AVG 2015
  • Consumer Input Update Helper

Additional instructions can be found here if needed.

------------
After above steps were completed, please create new FRST log for me.
 
Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#4 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 07 April 2015 - 12:25 PM

Wild Tangent is not visible in the Add/Remove programs.

 

I've installed Revo Uninstaller and it is not visible there.  I've Win searched on Wild and Tangent and get no salient hits.

 

Continuing down the line.



#5 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 07 April 2015 - 12:33 PM

I found  Wild Tangent;  it  was an Acer game and WT is also the  publisher of Acer games.



#6 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 07 April 2015 - 01:58 PM

Removed:

first the Acer game Wild Tangent, then the rest of the Acer games.  Jack doesn't use.

AVG; I tho't it had already been removed, but it was there.

 

I could not find Consumer Input Update Helper in Programs&Features

 

Restarted; used FRST fixlist; restarted, got new FRST frst & addition

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jack (administrator) on JACK-LT on 07-04-2015 14:44:23
Running from C:\Users\Public\Downloads\Bleeping\FRST\0406
Loaded Profiles: Jack (Available profiles: Jack & Logan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\pulm4qoh.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-13]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-21] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 12:23 - 2015-04-06 12:23 - 00000000 ____D () C:\Users\Logan\AppData\Roaming\AVAST Software
2015-04-05 03:21 - 2015-04-05 03:26 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:21 - 2015-04-05 03:21 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:39 - 2015-04-04 20:39 - 00000000 ____D () C:\Users\Jack\Documents\ProcAlyzer Dumps
2015-04-04 20:19 - 2015-04-04 20:19 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\AVAST Software
2015-04-04 20:15 - 2015-04-04 20:15 - 00275464 _____ () C:\Windows\Minidump\040415-30763-01.dmp
2015-04-04 20:13 - 2015-04-05 14:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 20:12 - 2015-04-04 20:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 20:12 - 2015-04-04 20:12 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 20:12 - 2015-04-04 20:12 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 20:10 - 2015-04-04 20:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 19:57 - 2015-04-04 19:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 19:40 - 2015-04-04 19:40 - 00003258 _____ () C:\Windows\System32\Tasks\{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5}
2015-04-04 19:35 - 2015-04-04 19:35 - 05481352 _____ (Avast Software s.r.o.) C:\Users\Public\Downloads\avast_free_antivirus_setup_online.exe
2015-04-04 18:02 - 2015-04-04 18:02 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\LibreOffice
2015-04-04 15:37 - 2015-04-04 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 14:32 - 2015-04-04 14:32 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-04 14:32 - 2015-04-04 14:32 - 00000963 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-03 23:34 - 2015-04-04 02:22 - 00001583 _____ () C:\Users\Public\Documents\Mike543.txt
2015-03-16 19:43 - 2015-03-16 23:10 - 00003140 _____ () C:\Users\Public\Documents\Mike53g.txt
2015-03-16 18:46 - 2015-03-16 18:46 - 00000000 _____ () C:\Windows\SysWOW64\shoB850.tmp
2015-03-16 14:24 - 2015-04-05 00:15 - 00000000 ____D () C:\Users\Public\Downloads\Bleeping
2015-03-16 12:22 - 2015-03-16 12:23 - 07782048 _____ (TeamViewer GmbH) C:\Users\Public\Downloads\TeamViewer_Setup_en-ckj.exe
2015-03-16 07:22 - 2015-03-16 07:22 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en(1).exe
2015-03-16 07:21 - 2015-03-16 07:21 - 01951468 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en (1).exe
2015-03-16 07:20 - 2015-03-16 07:20 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en.exe
2015-03-16 00:08 - 2015-03-16 00:08 - 00000000 _____ () C:\Windows\SysWOW64\sho5838.tmp
2015-03-15 10:13 - 2015-03-15 20:01 - 00000000 ____D () C:\Users\Jack\Downloads\Bleeping
2015-03-14 21:43 - 2015-04-07 14:44 - 00000000 ____D () C:\FRST
2015-03-13 16:59 - 2015-04-07 13:16 - 00001268 _____ () C:\Users\Jack\Desktop\Revo Uninstaller.lnk
2015-03-13 16:59 - 2015-04-07 13:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-13 16:55 - 2015-03-13 16:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jack\Downloads\revosetup.exe
2015-03-13 03:30 - 2015-03-13 03:30 - 00000000 _____ () C:\Windows\SysWOW64\shoD5D0.tmp
2015-03-12 19:32 - 2015-03-12 19:32 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieBrowserModeList
2015-03-12 17:22 - 2015-04-06 23:52 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-12 17:16 - 2015-03-12 17:16 - 00000000 _____ () C:\Users\Jack\Downloads\TeamViewer(4).exe
2015-03-12 16:52 - 2015-03-12 16:53 - 00000000 _____ () C:\Users\Jack\Downloads\TeamViewer.exe
2015-03-12 15:19 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 15:19 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 15:19 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 15:19 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 15:19 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 15:19 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 15:19 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 15:19 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 15:19 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 15:19 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 15:19 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 15:19 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 15:19 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 15:19 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 15:18 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 15:18 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 15:18 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 15:18 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 15:18 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 15:18 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 15:18 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 15:18 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 15:18 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 15:18 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 14:59 - 2015-03-12 15:03 - 00000498 _____ () C:\Windows\wininit.ini
2015-03-12 14:59 - 2015-03-12 14:59 - 00000000 ____D () C:\Users\Logan\AppData\Roaming\TeamViewer
2015-03-12 14:57 - 2015-03-12 14:58 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en(2).exe
2015-03-12 14:53 - 2015-03-12 14:54 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en(1).exe
2015-03-12 14:49 - 2015-03-12 14:58 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en.exe
2015-03-12 03:57 - 2015-03-12 03:57 - 00000000 _____ () C:\Windows\SysWOW64\shoF89E.tmp
2015-03-11 19:44 - 2015-04-07 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-11 17:33 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 17:33 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 17:33 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 17:33 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 17:33 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 17:33 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 17:33 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 17:33 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 17:33 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 17:33 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 17:33 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 17:33 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 17:33 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 17:33 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 17:32 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 17:32 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 17:32 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 17:32 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 17:32 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 17:32 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 17:32 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 17:32 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 17:32 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 17:30 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 17:30 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 17:29 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 17:29 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 17:29 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:29 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 17:29 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 17:25 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 17:25 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 17:25 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 17:25 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 17:25 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 17:25 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 17:25 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 17:25 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:25 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 17:25 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 17:25 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 17:25 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 17:25 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 17:25 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 17:25 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 17:25 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 17:25 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 17:25 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 17:25 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:25 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 17:25 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 17:25 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 17:25 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 17:25 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 17:25 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 17:25 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:25 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 17:25 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 17:25 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 17:25 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 17:25 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:25 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 17:25 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 17:24 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:24 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:24 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 17:24 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:24 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:24 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 17:24 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:24 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 17:24 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:24 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 17:24 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:24 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:24 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 17:24 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 17:24 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 17:24 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:24 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:24 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 17:24 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 17:24 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:24 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 17:24 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 17:24 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 17:23 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 17:23 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 16:55 - 2015-03-11 16:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Logan\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-11 15:18 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-11 15:18 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-11 15:17 - 2015-03-11 15:17 - 00002438 _____ () C:\Windows\System32\Tasks\0215avUpdateInfo
2015-03-11 15:17 - 2015-03-11 15:17 - 00000320 _____ () C:\Windows\Tasks\0215avUpdateInfo.job
2015-03-11 15:17 - 2015-03-11 15:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av
2015-03-11 15:13 - 2015-03-11 15:14 - 00000000 ____D () C:\9890b921fda89a2952
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-07 14:46 - 2013-07-12 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-07 14:42 - 2015-02-07 12:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-07 14:42 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 14:42 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 14:40 - 2012-01-14 19:04 - 01531797 _____ () C:\Windows\WindowsUpdate.log
2015-04-07 14:33 - 2010-11-20 23:47 - 00166426 _____ () C:\Windows\PFRO.log
2015-04-07 14:33 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 14:33 - 2009-07-14 00:51 - 00051368 _____ () C:\Windows\setupact.log
2015-04-07 14:27 - 2015-02-07 12:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-07 14:19 - 2015-01-11 21:11 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-07 14:19 - 2013-07-12 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 13:37 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-04 20:42 - 2014-10-26 00:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 20:36 - 2015-02-07 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-04 20:15 - 2014-11-18 22:51 - 291147715 _____ () C:\Windows\MEMORY.DMP
2015-04-04 20:15 - 2014-11-18 22:51 - 00000000 ____D () C:\Windows\Minidump
2015-04-04 19:44 - 2013-07-12 15:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-04 14:58 - 2015-02-07 03:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-03 19:30 - 2015-02-07 12:23 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-26 21:54 - 2014-06-18 13:41 - 00073640 _____ () C:\Users\Logan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-21 15:19 - 2014-01-06 20:05 - 00776078 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-21 15:18 - 2009-07-14 01:13 - 00776078 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 00:19 - 2013-02-24 14:01 - 00073640 _____ () C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 00:18 - 2009-07-14 00:45 - 00328960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 17:53 - 2011-10-24 07:07 - 00000000 ____D () C:\ProgramData\newsXpresso
2015-03-13 17:53 - 2011-10-24 05:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 15:13 - 2013-07-12 17:06 - 00000000 ____D () C:\Users\Jack\AppData\Local\Thunderbird
2015-03-13 14:10 - 2013-10-10 20:48 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2015-03-13 14:10 - 2013-07-12 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 14:09 - 2013-07-12 16:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 14:09 - 2011-10-24 07:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 16:49 - 2013-02-24 14:04 - 00000000 ___RD () C:\Users\Jack\Desktop\Startup
2015-03-12 03:23 - 2013-09-02 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:07 - 2013-07-23 03:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-05 02:44
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jack at 2015-04-07 14:47:26
Running from C:\Users\Public\Downloads\Bleeping\FRST\0406
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
Consumer Input Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.307 - Compete Inc.) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-03-2015 17:01:03 Revo Uninstaller's restore point - Consumer Input (remove only)
13-03-2015 17:14:04 Revo Uninstaller's restore point - PC Clean Maestro
13-03-2015 17:23:47 Revo Uninstaller's restore point - Internet Helper Anti-phishing
13-03-2015 17:32:23 Revo Uninstaller's restore point - PC TuneUp Maestro
13-03-2015 17:37:21 Revo Uninstaller's restore point - Roaming Rate
13-03-2015 17:42:55 Revo Uninstaller's restore point - Fooz Kids
13-03-2015 17:43:32 Removed Fooz Kids
13-03-2015 17:46:28 Revo Uninstaller's restore point - Fooz Kids Platform
13-03-2015 17:47:25 Removed Fooz Kids Platform
13-03-2015 17:51:06 Revo Uninstaller's restore point - newsXpresso
13-03-2015 17:52:14 Removed newsXpresso
16-03-2015 19:10:08 Windows Update
21-03-2015 14:19:48 Windows Update
29-03-2015 13:53:19 Windows Update
03-04-2015 19:06:53 Windows Update
04-04-2015 19:46:12 Removed AVG 2015
04-04-2015 19:49:31 Removed AVG 2015
04-04-2015 20:09:19 avast! antivirus system restore point
05-04-2015 03:00:20 Windows Update
05-04-2015 18:50:57 Windows Update
07-04-2015 13:40:19 Removed AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C34E8D-37AE-476F-A2A3-05AA00BACF4A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D188EF7-E509-4573-AC0F-E41CBDE5E0B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {279B59F4-0D64-4995-9006-D1F64A490A47} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {338DF401-1F0C-485E-BC6D-6EE5E700D7FF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3824C0AD-2EFF-4EA0-A12C-6225BE511393} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: {4D5C97CA-2026-4026-904F-F40B11CB9D0F} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4F171C91-A6D3-4A72-8447-A103DB51431D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {5D5408C4-1BEB-49DF-8036-2B268C9D4702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {6FB6C341-7291-4B9C-8C76-472C47CC703F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {86EF19BD-30B3-43DA-9ADA-B8824B1CEF20} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A046403F-3DF9-4BBC-B237-DB2C12798352} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {C344A271-350C-41DA-942A-71B5B2AA81A8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C93E2925-BC92-40C4-BDF1-A32593AB992B} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
Task: {E0006AA2-AA9F-44F6-87D9-61EE2A14F31A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {F4BB65A1-075B-4E36-8FA1-778CDD395A77} - System32\Tasks\{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-04 20:12 - 2015-04-04 20:12 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-07 12:29 - 2015-04-07 12:29 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040700\algo.dll
2015-02-07 03:06 - 2014-05-13 16:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-04 20:12 - 2015-04-04 20:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2585673294-479778367-4263575354-500 - Administrator - Disabled)
Guest (S-1-5-21-2585673294-479778367-4263575354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2585673294-479778367-4263575354-1002 - Limited - Enabled)
Jack (S-1-5-21-2585673294-479778367-4263575354-1000 - Administrator - Enabled) => C:\Users\Jack
Logan (S-1-5-21-2585673294-479778367-4263575354-1003 - Limited - Enabled) => C:\Users\Logan
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/07/2015 02:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2015 03:35:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (04/05/2015 03:25:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 08:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/04/2015 02:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/07/2015 02:28:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
Error: (04/07/2015 02:27:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/07/2015 02:26:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/07/2015 02:26:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/07/2015 02:26:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (04/07/2015 02:26:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/07/2015 02:26:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/07/2015 02:26:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/07/2015 02:26:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ePower Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/07/2015 02:26:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GREGService service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/07/2015 02:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2015 03:35:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (04/05/2015 03:25:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 08:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.
 
System Error:
The system cannot find the file specified.
 
Error: (04/04/2015 02:52:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD C-60 APU with Radeon™ HD Graphics
Percentage of memory in use: 53%
Total physical RAM: 1770.9 MB
Available physical RAM: 827.78 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 2262.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:217.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 948B2923)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#7 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 09 April 2015 - 02:30 AM

Hi Mike Easter.

 

Please post content of fixlog.txt here. Also you should see Consumer Input Update Helper in Programs & Features now.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 09 April 2015 - 02:10 PM

I'm pasting the fixlog from earlier fixlist; sorry, I didn't interpret your earlier message correctly, I thought you only wanted the two new scan items.
 
I can now/ could/ see Consumer Input Update Helper in Programs and Features, but when I try to remove it, I get an alert: The feature you are trying to use is on a network resource that is unavailable.  OK to try again or enter an alternate path to a folder containing the uninstallation package in the box below.  Then as I cancel out I get some other alerts related.
 
So, instead I went to Revo which I had previously downloaded but not installed to the netbook, and installed it.  Revo sequence is to try to use the program's uninstaller first, which failed with the same messages of course, and then Revo uninstalls it Revo-way.
 
Because of those changes, I'll post a fresh FRST scan as well after the older  fixlog
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Jack at 2015-04-07 14:26:34 Run:1
Running from C:\Users\Public\Downloads\Bleeping\FRST\0406
Loaded Profiles: Jack (Available profiles: Jack & Logan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
FF user.js: detected! => C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\pulm4qoh.default\user.js [2015-03-12]
S3 efavdrv; C:\Windows\SysWOW64\drivers\efavdrv.sys [115008 2015-02-07] (ESET)
2015-03-13 10:28 - 2015-03-13 10:28 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-03-13 10:28 - 2015-03-13 10:28 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-03-12 17:36 - 2015-03-13 17:28 - 00000000 ____D () C:\ProgramData\internethelper_antiphishing
2015-03-12 17:27 - 2015-03-12 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-03-12 17:24 - 2015-03-12 17:25 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\CompuClever
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
EmptyTemp:
*****************
 
Processes closed successfully.
C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\pulm4qoh.default\user.js => Moved successfully.
efavdrv => Service deleted successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software => Moved successfully.
"C:\Users\Default User\AppData\Roaming\TuneUp Software" => File/Directory not found.
C:\ProgramData\internethelper_antiphishing => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore => Moved successfully.
C:\Users\Jack\AppData\Roaming\CompuClever => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.
EmptyTemp: => Removed 480 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:30:41 ====
 
Now the new scan:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Jack (administrator) on JACK-LT on 09-04-2015 14:59:42
Running from C:\Users\Public\Downloads\Bleeping\FRST\0409
Loaded Profiles: Jack (Available profiles: Jack & Logan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\pulm4qoh.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-13]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-13]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-13]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-13]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-13]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-13]
CHR Extension: (Bookmark Manager) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-21] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-07 18:55 - 2015-04-07 18:55 - 00000000 ____D () C:\Users\Jack\AppData\Local\Microsoft Games
2015-04-06 12:23 - 2015-04-06 12:23 - 00000000 ____D () C:\Users\Logan\AppData\Roaming\AVAST Software
2015-04-05 03:21 - 2015-04-05 03:26 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:21 - 2015-04-05 03:21 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:39 - 2015-04-04 20:39 - 00000000 ____D () C:\Users\Jack\Documents\ProcAlyzer Dumps
2015-04-04 20:36 - 2015-04-07 22:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-04 20:19 - 2015-04-04 20:19 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\AVAST Software
2015-04-04 20:15 - 2015-04-04 20:15 - 00275464 _____ () C:\Windows\Minidump\040415-30763-01.dmp
2015-04-04 20:13 - 2015-04-09 00:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-04 20:12 - 2015-04-04 20:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 20:12 - 2015-04-04 20:12 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 20:12 - 2015-04-04 20:12 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 20:10 - 2015-04-04 20:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 19:57 - 2015-04-04 19:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 19:40 - 2015-04-04 19:40 - 00003258 _____ () C:\Windows\System32\Tasks\{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5}
2015-04-04 19:35 - 2015-04-04 19:35 - 05481352 _____ (Avast Software s.r.o.) C:\Users\Public\Downloads\avast_free_antivirus_setup_online.exe
2015-04-04 18:02 - 2015-04-04 18:02 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\LibreOffice
2015-04-04 15:37 - 2015-04-04 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 14:32 - 2015-04-04 14:32 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-04 14:32 - 2015-04-04 14:32 - 00000963 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-03 23:34 - 2015-04-04 02:22 - 00001583 _____ () C:\Users\Public\Documents\Mike543.txt
2015-03-16 19:43 - 2015-03-16 23:10 - 00003140 _____ () C:\Users\Public\Documents\Mike53g.txt
2015-03-16 18:46 - 2015-03-16 18:46 - 00000000 _____ () C:\Windows\SysWOW64\shoB850.tmp
2015-03-16 14:24 - 2015-04-09 14:33 - 00000000 ____D () C:\Users\Public\Downloads\Bleeping
2015-03-16 12:22 - 2015-03-16 12:23 - 07782048 _____ (TeamViewer GmbH) C:\Users\Public\Downloads\TeamViewer_Setup_en-ckj.exe
2015-03-16 07:22 - 2015-03-16 07:22 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en(1).exe
2015-03-16 07:21 - 2015-03-16 07:21 - 01951468 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en (1).exe
2015-03-16 07:20 - 2015-03-16 07:20 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en.exe
2015-03-16 00:08 - 2015-03-16 00:08 - 00000000 _____ () C:\Windows\SysWOW64\sho5838.tmp
2015-03-15 10:13 - 2015-03-15 20:01 - 00000000 ____D () C:\Users\Jack\Downloads\Bleeping
2015-03-14 21:43 - 2015-04-09 14:59 - 00000000 ____D () C:\FRST
2015-03-13 16:59 - 2015-04-09 14:40 - 00001228 _____ () C:\Users\Jack\Desktop\Revo Uninstaller.lnk
2015-03-13 16:59 - 2015-04-09 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-13 16:55 - 2015-03-13 16:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jack\Downloads\revosetup.exe
2015-03-13 03:30 - 2015-03-13 03:30 - 00000000 _____ () C:\Windows\SysWOW64\shoD5D0.tmp
2015-03-12 19:32 - 2015-03-12 19:32 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2015-03-12 17:30 - 2015-03-12 17:30 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieBrowserModeList
2015-03-12 17:22 - 2015-04-09 14:37 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-12 17:16 - 2015-03-12 17:16 - 00000000 _____ () C:\Users\Jack\Downloads\TeamViewer(4).exe
2015-03-12 16:52 - 2015-03-12 16:53 - 00000000 _____ () C:\Users\Jack\Downloads\TeamViewer.exe
2015-03-12 15:19 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 15:19 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-12 15:19 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 15:19 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-12 15:19 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 15:19 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 15:19 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 15:19 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 15:19 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 15:19 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-12 15:19 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-12 15:19 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-12 15:19 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-12 15:19 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-12 15:19 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 15:19 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 15:19 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 15:19 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 15:18 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 15:18 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 15:18 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 15:18 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 15:18 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 15:18 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 15:18 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 15:18 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-12 15:18 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-12 15:18 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-12 15:18 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-12 15:18 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-12 15:18 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-12 15:18 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-12 14:59 - 2015-03-12 15:03 - 00000498 _____ () C:\Windows\wininit.ini
2015-03-12 14:59 - 2015-03-12 14:59 - 00000000 ____D () C:\Users\Logan\AppData\Roaming\TeamViewer
2015-03-12 14:57 - 2015-03-12 14:58 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en(2).exe
2015-03-12 14:53 - 2015-03-12 14:54 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en(1).exe
2015-03-12 14:49 - 2015-03-12 14:58 - 05318272 _____ (TeamViewer) C:\Users\Logan\Downloads\TeamViewerQS_en.exe
2015-03-12 03:57 - 2015-03-12 03:57 - 00000000 _____ () C:\Windows\SysWOW64\shoF89E.tmp
2015-03-11 19:44 - 2015-04-07 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-11 17:33 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 17:33 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 17:33 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 17:33 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 17:33 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 17:33 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 17:33 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 17:33 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 17:33 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 17:33 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 17:33 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 17:33 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 17:33 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 17:33 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 17:33 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 17:33 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 17:32 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 17:32 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 17:32 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 17:32 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 17:32 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 17:32 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 17:32 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 17:32 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 17:32 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 17:32 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 17:32 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 17:30 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 17:30 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 17:29 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 17:29 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 17:29 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:29 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 17:29 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 17:25 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 17:25 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 17:25 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 17:25 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 17:25 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 17:25 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 17:25 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 17:25 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 17:25 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 17:25 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 17:25 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 17:25 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 17:25 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 17:25 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 17:25 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 17:25 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 17:25 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 17:25 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 17:25 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:25 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 17:25 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 17:25 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 17:25 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 17:25 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 17:25 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 17:25 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:25 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 17:25 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 17:25 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 17:25 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 17:25 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:25 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 17:25 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 17:24 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:24 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:24 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 17:24 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:24 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:24 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 17:24 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 17:24 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 17:24 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 17:24 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 17:24 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:24 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 17:24 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 17:24 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 17:24 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 17:24 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:24 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:24 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 17:24 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 17:24 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:24 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 17:24 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 17:24 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 17:23 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 17:23 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 16:55 - 2015-03-11 16:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Logan\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-11 15:18 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-11 15:18 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-11 15:17 - 2015-03-11 15:17 - 00002438 _____ () C:\Windows\System32\Tasks\0215avUpdateInfo
2015-03-11 15:17 - 2015-03-11 15:17 - 00000320 _____ () C:\Windows\Tasks\0215avUpdateInfo.job
2015-03-11 15:17 - 2015-03-11 15:17 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av
2015-03-11 15:13 - 2015-03-11 15:14 - 00000000 ____D () C:\9890b921fda89a2952
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 14:46 - 2013-07-12 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 14:38 - 2012-01-14 19:04 - 01571643 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 14:37 - 2015-02-07 12:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 14:27 - 2015-02-07 12:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 09:40 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 09:40 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 09:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 09:32 - 2009-07-14 00:51 - 00051480 _____ () C:\Windows\setupact.log
2015-04-08 08:20 - 2013-07-12 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 14:33 - 2010-11-20 23:47 - 00166426 _____ () C:\Windows\PFRO.log
2015-04-07 14:19 - 2015-01-11 21:11 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-07 13:37 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-04 20:42 - 2014-10-26 00:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 20:15 - 2014-11-18 22:51 - 291147715 _____ () C:\Windows\MEMORY.DMP
2015-04-04 20:15 - 2014-11-18 22:51 - 00000000 ____D () C:\Windows\Minidump
2015-04-04 19:44 - 2013-07-12 15:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-04 14:58 - 2015-02-07 03:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-03 19:30 - 2015-02-07 12:23 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-26 21:54 - 2014-06-18 13:41 - 00073640 _____ () C:\Users\Logan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-21 15:19 - 2014-01-06 20:05 - 00776078 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-21 15:18 - 2009-07-14 01:13 - 00776078 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 00:19 - 2013-02-24 14:01 - 00073640 _____ () C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-17 00:18 - 2009-07-14 00:45 - 00328960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 17:53 - 2011-10-24 07:07 - 00000000 ____D () C:\ProgramData\newsXpresso
2015-03-13 17:53 - 2011-10-24 05:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 15:13 - 2013-07-12 17:06 - 00000000 ____D () C:\Users\Jack\AppData\Local\Thunderbird
2015-03-13 14:10 - 2013-10-10 20:48 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe
2015-03-13 14:10 - 2013-07-12 16:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 14:09 - 2013-07-12 16:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 14:09 - 2011-10-24 07:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 16:49 - 2013-02-24 14:04 - 00000000 ___RD () C:\Users\Jack\Desktop\Startup
2015-03-12 03:23 - 2013-09-02 19:55 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:07 - 2013-07-23 03:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-05 02:44
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Jack at 2015-04-09 15:02:35
Running from C:\Users\Public\Downloads\Bleeping\FRST\0409
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-03-2015 17:32:23 Revo Uninstaller's restore point - PC TuneUp Maestro
13-03-2015 17:37:21 Revo Uninstaller's restore point - Roaming Rate
13-03-2015 17:42:55 Revo Uninstaller's restore point - Fooz Kids
13-03-2015 17:43:32 Removed Fooz Kids
13-03-2015 17:46:28 Revo Uninstaller's restore point - Fooz Kids Platform
13-03-2015 17:47:25 Removed Fooz Kids Platform
13-03-2015 17:51:06 Revo Uninstaller's restore point - newsXpresso
13-03-2015 17:52:14 Removed newsXpresso
16-03-2015 19:10:08 Windows Update
21-03-2015 14:19:48 Windows Update
29-03-2015 13:53:19 Windows Update
03-04-2015 19:06:53 Windows Update
04-04-2015 19:46:12 Removed AVG 2015
04-04-2015 19:49:31 Removed AVG 2015
04-04-2015 20:09:19 avast! antivirus system restore point
05-04-2015 03:00:20 Windows Update
05-04-2015 18:50:57 Windows Update
07-04-2015 13:40:19 Removed AVG 2015
09-04-2015 14:41:42 Revo Uninstaller's restore point - Consumer Input Update Helper
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C34E8D-37AE-476F-A2A3-05AA00BACF4A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D188EF7-E509-4573-AC0F-E41CBDE5E0B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {279B59F4-0D64-4995-9006-D1F64A490A47} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {338DF401-1F0C-485E-BC6D-6EE5E700D7FF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3824C0AD-2EFF-4EA0-A12C-6225BE511393} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-13] (Adobe Systems Incorporated)
Task: {4D5C97CA-2026-4026-904F-F40B11CB9D0F} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4F171C91-A6D3-4A72-8447-A103DB51431D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-04] (Avast Software s.r.o.)
Task: {5D5408C4-1BEB-49DF-8036-2B268C9D4702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {6FB6C341-7291-4B9C-8C76-472C47CC703F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {86EF19BD-30B3-43DA-9ADA-B8824B1CEF20} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A046403F-3DF9-4BBC-B237-DB2C12798352} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {C344A271-350C-41DA-942A-71B5B2AA81A8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C93E2925-BC92-40C4-BDF1-A32593AB992B} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
Task: {E0006AA2-AA9F-44F6-87D9-61EE2A14F31A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {F4BB65A1-075B-4E36-8FA1-778CDD395A77} - System32\Tasks\{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-09 00:51 - 2015-04-09 00:51 - 02925056 _____ () C:\Program Files\AVAST Software\Avast\defs\15040802\algo.dll
2015-04-09 09:32 - 2015-04-09 09:32 - 02925056 _____ () C:\Program Files\AVAST Software\Avast\defs\15040900\algo.dll
2015-02-07 03:06 - 2014-05-13 16:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-04 20:12 - 2015-04-04 20:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2585673294-479778367-4263575354-500 - Administrator - Disabled)
Guest (S-1-5-21-2585673294-479778367-4263575354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2585673294-479778367-4263575354-1002 - Limited - Enabled)
Jack (S-1-5-21-2585673294-479778367-4263575354-1000 - Administrator - Enabled) => C:\Users\Jack
Logan (S-1-5-21-2585673294-479778367-4263575354-1003 - Limited - Enabled) => C:\Users\Logan
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/09/2015 09:33:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/08/2015 08:21:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2015 03:35:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (04/05/2015 03:25:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 08:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (04/09/2015 09:41:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service.
 
Error: (04/09/2015 09:32:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:06:33 AM on ‎4/‎9/‎2015 was unexpected.
 
Error: (04/09/2015 01:05:04 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/08/2015 01:29:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (04/07/2015 02:28:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
Error: (04/07/2015 02:27:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/07/2015 02:26:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/07/2015 02:26:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/07/2015 02:26:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (04/07/2015 02:26:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/09/2015 09:33:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/08/2015 08:21:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2015 03:35:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (04/05/2015 03:25:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 08:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:54:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/04/2015 07:49:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service AVGIDSAgent since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: AMD C-60 APU with Radeon™ HD Graphics
Percentage of memory in use: 74%
Total physical RAM: 1770.9 MB
Available physical RAM: 459.49 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 1881.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:216.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 948B2923)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 10 April 2015 - 04:46 AM

Hi Mike Easter.

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

Please download Malwarebytes Anti-Malware photo.jpg?sz=48 and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to it's Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on YesFailure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

---------------

Did your machine faster?

 

After the scan was completed, please create new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#10 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 12 April 2015 - 06:45 AM

I'm with you, I just need to wait for Jack's availability to turn on the netbook for me.

 

Thanks for your attention.  Yes the machine is faster than when we started.



#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 12 April 2015 - 07:00 AM

OK. No problems. :)


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#12 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 12 April 2015 - 08:25 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by Jack at 2015-04-12 19:45:31 Run:2
Running from C:\Users\Public\Downloads\Bleeping\FRST\0412
Loaded Profiles: Jack (Available profiles: Jack & Logan)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Task: C:\Windows\Tasks\0215avUpdateInfo.job => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe
Task: {C93E2925-BC92-40C4-BDF1-A32593AB992B} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe [2015-02-17] ()
2015-03-11 15:17 - 2015-03-11 15:17 - 00002438 _____ () C:\Windows\System32\Tasks\0215avUpdateInfo
*****************
 
Processes closed successfully.
C:\Windows\Tasks\0215avUpdateInfo.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C93E2925-BC92-40C4-BDF1-A32593AB992B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93E2925-BC92-40C4-BDF1-A32593AB992B}" => Key deleted successfully.
C:\Windows\System32\Tasks\0215avUpdateInfo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo" => Key deleted successfully.
"C:\Windows\System32\Tasks\0215avUpdateInfo" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:45:46 ====
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/12/2015
Scan Time: 8:12:44 PM
Logfile: 
Administrator: No
 
Version: 2.00.4.1028
Malware Database: v2015.04.12.04
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Logan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268446
Time Elapsed: 23 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2015
Ran by Logan (ATTENTION: The logged in user is not administrator) on JACK-LT on 12-04-2015 21:01:11
Running from C:\Users\Public\Downloads\Bleeping\FRST\0412
Loaded Profiles: Logan (Available profiles: Jack & Logan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> CxAudMsg64.exe
Failed to access process -> dsiwmis.exe
Failed to access process -> ePowerSvc.exe
Failed to access process -> LMutilps32.exe
Failed to access process -> GREGsvc.exe
Failed to access process -> UpdaterService.exe
Failed to access process -> RS_Service.exe
Failed to access process -> sftvsa.exe
Failed to access process -> TeamViewer_Service.exe
Failed to access process -> sftlist.exe
Failed to access process -> CVHSVC.EXE
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> SearchIndexer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Failed to access process -> tv_w32.exe
Failed to access process -> tv_x64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
Failed to access process -> WmiPrvSE.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
Failed to access process -> WmiPrvSE.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
Failed to access process -> ePowerEvent.exe
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Failed to access process -> TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-04] (Avast Software s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2585673294-479778367-4263575354-1003\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-2585673294-479778367-4263575354-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2585673294-479778367-4263575354-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\2ehc8uls.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-04-04]
 
Chrome: 
=======
CHR Profile: C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07]
CHR Extension: (YouTube) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-07]
CHR Extension: (Google Search) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-07]
CHR Extension: (Maps Homepage) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peefijfehegcihhmnnaopkhgfaodgodb [2015-02-13]
CHR Extension: (Gmail) - C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-04] (Avast Software s.r.o.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-04] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-04] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-04] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-04] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-04] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-04] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-01-21] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-06 12:23 - 2015-04-06 12:23 - 00000000 ____D () C:\Users\Logan\AppData\Roaming\AVAST Software
2015-04-05 03:21 - 2015-04-05 03:26 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:21 - 2015-04-05 03:21 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 20:39 - 2015-04-04 20:39 - 00000000 ____D () C:\Users\Jack\Documents\ProcAlyzer Dumps
2015-04-04 20:36 - 2015-04-07 22:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-04 20:19 - 2015-04-04 20:19 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\AVAST Software
2015-04-04 20:12 - 2015-04-04 20:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-04 20:12 - 2015-04-04 20:12 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-04 20:12 - 2015-04-04 20:12 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-04 20:12 - 2015-04-04 20:12 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-04 20:10 - 2015-04-04 20:10 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-04 19:57 - 2015-04-04 19:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-04-04 19:35 - 2015-04-04 19:35 - 05481352 _____ (Avast Software s.r.o.) C:\Users\Public\Downloads\avast_free_antivirus_setup_online.exe
2015-04-04 18:02 - 2015-04-04 18:02 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\LibreOffice
2015-04-04 15:37 - 2015-04-04 15:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 14:32 - 2015-04-04 14:32 - 00000975 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-04 14:32 - 2015-04-04 14:32 - 00000963 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-03 23:34 - 2015-04-04 02:22 - 00001583 _____ () C:\Users\Public\Documents\Mike543.txt
2015-03-16 19:43 - 2015-03-16 23:10 - 00003140 _____ () C:\Users\Public\Documents\Mike53g.txt
2015-03-16 18:46 - 2015-03-16 18:46 - 00000000 _____ () C:\Windows\SysWOW64\shoB850.tmp
2015-03-16 14:24 - 2015-04-12 20:58 - 00000000 ____D () C:\Users\Public\Downloads\Bleeping
2015-03-16 12:22 - 2015-03-16 12:23 - 07782048 _____ (TeamViewer GmbH) C:\Users\Public\Downloads\TeamViewer_Setup_en-ckj.exe
2015-03-16 07:22 - 2015-03-16 07:22 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en(1).exe
2015-03-16 07:21 - 2015-03-16 07:21 - 01951468 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en (1).exe
2015-03-16 07:20 - 2015-03-16 07:20 - 07782048 _____ (TeamViewer GmbH) C:\Users\Jack\Downloads\TeamViewer_Setup_en.exe
2015-03-16 00:08 - 2015-03-16 00:08 - 00000000 _____ () C:\Windows\SysWOW64\sho5838.tmp
2015-03-15 10:13 - 2015-03-15 20:01 - 00000000 ____D () C:\Users\Jack\Downloads\Bleeping
2015-03-14 21:43 - 2015-04-12 21:01 - 00000000 ____D () C:\FRST
2015-03-13 16:59 - 2015-04-09 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-13 16:55 - 2015-03-13 16:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jack\Downloads\revosetup.exe
2015-03-13 03:30 - 2015-03-13 03:30 - 00000000 _____ () C:\Windows\SysWOW64\shoD5D0.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 21:01 - 2015-03-12 17:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-12 20:51 - 2012-01-14 19:04 - 01639849 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 20:46 - 2013-07-12 16:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-12 20:28 - 2015-02-07 12:22 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-12 20:08 - 2015-02-07 12:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 20:01 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 20:01 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 19:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 19:53 - 2009-07-14 00:51 - 00051648 _____ () C:\Windows\setupact.log
2015-04-08 08:20 - 2013-07-12 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 14:33 - 2010-11-20 23:47 - 00166426 _____ () C:\Windows\PFRO.log
2015-04-07 14:19 - 2015-01-11 21:11 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-07 13:37 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-07 12:55 - 2015-03-11 19:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-04-04 20:42 - 2014-10-26 00:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-04 20:15 - 2014-11-18 22:51 - 291147715 _____ () C:\Windows\MEMORY.DMP
2015-04-04 20:15 - 2014-11-18 22:51 - 00000000 ____D () C:\Windows\Minidump
2015-04-04 19:44 - 2013-07-12 15:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-04 14:58 - 2015-02-07 03:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-03 19:30 - 2015-02-07 12:23 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-26 21:54 - 2014-06-18 13:41 - 00073640 _____ () C:\Users\Logan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-21 15:19 - 2014-01-06 20:05 - 00776078 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-21 15:18 - 2009-07-14 01:13 - 00776078 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 00:18 - 2009-07-14 00:45 - 00328960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 17:53 - 2011-10-24 07:07 - 00000000 ____D () C:\ProgramData\newsXpresso
2015-03-13 17:53 - 2011-10-24 05:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 14:09 - 2013-07-12 16:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-13 14:09 - 2011-10-24 07:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-13 11:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 03:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2015
Ran by Logan at 2015-04-12 21:03:38
Running from C:\Users\Public\Downloads\Bleeping\FRST\0412
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.8.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
LibreOffice 4.3.1.2 (HKLM-x32\...\{303C2B0D-03AF-4C25-A443-E62DE8AA36A8}) (Version: 4.3.1.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05C34E8D-37AE-476F-A2A3-05AA00BACF4A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask No Task File <==== ATTENTION
Task: {0A4BDF6A-3A30-411C-89C9-53AECA5BE337} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
Task: {0D188EF7-E509-4573-AC0F-E41CBDE5E0B7} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {279B59F4-0D64-4995-9006-D1F64A490A47} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {338DF401-1F0C-485E-BC6D-6EE5E700D7FF} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3824C0AD-2EFF-4EA0-A12C-6225BE511393} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {4D5C97CA-2026-4026-904F-F40B11CB9D0F} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4F171C91-A6D3-4A72-8447-A103DB51431D} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
Task: {5D5408C4-1BEB-49DF-8036-2B268C9D4702} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {6FB6C341-7291-4B9C-8C76-472C47CC703F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {72DB7465-BC54-491B-A92A-4637A28C9BBF} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
Task: {7B07ED1B-99A6-4D15-A3F8-D647666FB779} - No Task path could be read. Access denied. 
Task: {86EF19BD-30B3-43DA-9ADA-B8824B1CEF20} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A046403F-3DF9-4BBC-B237-DB2C12798352} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {A48CABBF-24C8-4B87-B00F-9261807C3B43} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {B0294FEE-4755-480D-8F10-F14ACCDD3D38} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Task: {C344A271-350C-41DA-942A-71B5B2AA81A8} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Task: {E0006AA2-AA9F-44F6-87D9-61EE2A14F31A} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
Task: {F4BB65A1-075B-4E36-8FA1-778CDD395A77} - \{CEC9D748-E3D0-4FE6-BB8A-9C15D5044DE5} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 
 
==================== Loaded Modules (whitelisted) ==============
 
2011-05-25 03:50 - 2011-05-25 03:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 14:17 - 2011-03-22 14:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-02-07 03:06 - 2014-05-13 16:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-07 03:06 - 2014-05-13 16:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-04 20:12 - 2015-04-04 20:12 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-04 20:12 - 2015-04-04 20:12 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 19:30 - 2015-03-30 17:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2585673294-479778367-4263575354-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2585673294-479778367-4263575354-500 - Administrator - Disabled)
Guest (S-1-5-21-2585673294-479778367-4263575354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2585673294-479778367-4263575354-1002 - Limited - Enabled)
Jack (S-1-5-21-2585673294-479778367-4263575354-1000 - Administrator - Enabled) => C:\Users\Jack
Logan (S-1-5-21-2585673294-479778367-4263575354-1003 - Limited - Enabled) => C:\Users\Logan
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2015 08:03:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (04/12/2015 07:54:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 07:35:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 10:50:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 09:33:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/08/2015 08:21:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2015 03:35:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
 
System errors:
=============
Error: (04/12/2015 07:46:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/12/2015 07:45:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/12/2015 07:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/12/2015 07:45:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/12/2015 07:45:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 10 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 2000 milliseconds: Restart the service.
 
Error: (04/12/2015 07:45:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/12/2015 07:45:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Live Updater Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/12/2015 07:45:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Raw Socket Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/12/2015 07:45:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dritek WMI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.
 
Error: (04/12/2015 07:45:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (04/12/2015 08:03:42 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (04/12/2015 07:54:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 07:35:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 10:50:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/09/2015 09:33:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/08/2015 08:21:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:34:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/07/2015 02:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/06/2015 10:24:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/05/2015 03:35:30 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
 
==================== Memory info =========================== 
 
Processor: AMD C-60 APU with Radeon™ HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 1770.9 MB
Available physical RAM: 661.51 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 1742.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:216.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================
 


#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 13 April 2015 - 10:53 AM

Hi Mike Easter.

 

Please run MBAM scan and create new FRST log for me again with admin account.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#14 Mike Easter

Mike Easter
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 13 April 2015 - 12:49 PM

I think this netbook is very marginal on ram and cpu for its OS and so it appears sluggish.

My understanding is that a 64 bit OS uses more ram than does a 32 bit for the following reasons:

 - it loads both 64 & 32 bit libraries into ram
 - 64 bit addresses take up a little more ram
 - maybe that extra ram is only about 100 meg or a little more

On a system which is hanging on the edge of its CPU and ram's capabilities, every little 100 meg of ram or 200 MHz CPU more or less make a difference.

Because I am physically separated from this machine and am affected by the limitations of no observation during an OS reboot, I can't actually see how long it takes this Win7 64bit HomePrem to load, but it has a relatively weak CPU namely a 1 GHz AMD C-60 and 2G of ram.  It is my sense that it is likely using pagefile hdd very often to handle some task.

I think it is taking a long time to load the OS on reboot, but I can't measure that with TV TeamViewer which doesn't engage until the OS is loaded and TV started.  I also think it is taking a long time to load such applications as a browser or a word processor or a mail client which has extensive mail storage, but I can't really quantitate those items.

On my systems at home, I am able to boot a live linux distro from a USB and get a sense of the performance comparisons between a lightweight distribution and a more demanding one.  I'm not able to do those hardware comparisons on this machine.

I have two windows machines in my location which I can observe for speed on identical hardware, one of which is Win7 Pro 64bit and one of which is Win7 HomePrem 32 bit, but those two have plenty of breathing room at 8G ram and 3 GHz AMD Athlon II X2 B24, so the minor factor of 32 bit vs 64 is insignificant.

I believe on Jack's netbook, nothing is insignificant if it 'edges' the nb into pagefiling with a huge performance hit. If it were mine, I would mostly use some other OS that wasn't using so much ram and cpu such as a light weight linux distro.



#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:06:52 AM

Posted 14 April 2015 - 10:11 AM

Hi Mike Easter.

 

Thanks for the explaination. Now please follow my last instructions and post the logs. :)


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users