Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IE not opening, PC showing as public and not private as it was previou

Started by kikiera , Jun 13 2014 09:03 AM

This topic is locked

#1
kikiera

Posted 13 June 2014 - 09:03 AM

Member

Member
66 posts

Hi!
My PC has been booting and running slower and slower lately. I got suspicious when I attempted to use IE and the screen flashed as though the window were going to open but something would not allow it to. I have found that IE is not located in my Programs and Features list. However, I still have the icons in my start menu as well as on my desktop and files in the Programs files folders. I attempted to go to my bank's website and was given the warning about being on a public network, or computer. Normally it does not, instead it knows it is a private computer. I also noticed that my PC isn't sleeping anymore. I originally had it set to sleep after a specific amount of time and then request my password to regain access afterwards.
I have run AVAST and found 54 items during a boot scan which I moved to the virus chest.
I have run MBAM and found the following:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2014
Scan Time: 2:01:48 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.13.02
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Koony

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281362
Time Elapsed: 34 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe, 2956, Delete-on-Reboot, [0ee83542b4c79b9b23fb6f6e37cc30d0]

Modules: 0
(No malicious items detected)

Registry Keys: 161
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, Quarantined, [6393294e57242214969ae98c6999a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, Quarantined, [6393294e57242214969ae98c6999a060],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [04f21d5a304bef47622c122f22e09967],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, Quarantined, [04f21d5a304bef47622c122f22e09967],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, Quarantined, [eb0b9add9be0cb6ba80ba4d0c141bc44],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [d71f2552bac19b9b43eeff768d75936d],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [d71f2552bac19b9b43eeff768d75936d],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, Quarantined, [2bcbc5b28bf01a1c486c641042c0b44c],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{06e3475c-5521-4de8-bb12-50720f21631c}, Quarantined, [e80e1e592c4fb77f60ae61dde22015eb],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{06E3475C-5521-4DE8-BB12-50720F21631C}, Quarantined, [e80e1e592c4fb77f60ae61dde22015eb],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{06E3475C-5521-4DE8-BB12-50720F21631C}, Quarantined, [e80e1e592c4fb77f60ae61dde22015eb],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{06E3475C-5521-4DE8-BB12-50720F21631C}, Quarantined, [e80e1e592c4fb77f60ae61dde22015eb],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{06E3475C-5521-4DE8-BB12-50720F21631C}, Quarantined, [e80e1e592c4fb77f60ae61dde22015eb],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{06E3475C-5521-4DE8-BB12-50720F21631C}, Quarantined, [e80e1e592c4fb77f60ae61dde22015eb],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{b7acdf9c-c4f9-4d5d-998e-b147866b4d4c}, Quarantined, [3abc1c5b66159e98c74840fe748e52ae],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}, Quarantined, [3abc1c5b66159e98c74840fe748e52ae],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}, Quarantined, [3abc1c5b66159e98c74840fe748e52ae],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}, Quarantined, [3abc1c5b66159e98c74840fe748e52ae],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}, Quarantined, [3abc1c5b66159e98c74840fe748e52ae],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}, Quarantined, [3abc1c5b66159e98c74840fe748e52ae],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{cf51de5b-eb36-4114-bb69-84df63fbadb4}, Quarantined, [f501d3a46b106acc9d74291536cc01ff],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}, Quarantined, [f501d3a46b106acc9d74291536cc01ff],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}, Quarantined, [f501d3a46b106acc9d74291536cc01ff],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}, Quarantined, [f501d3a46b106acc9d74291536cc01ff],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}, Quarantined, [f501d3a46b106acc9d74291536cc01ff],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}, Quarantined, [f501d3a46b106acc9d74291536cc01ff],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, Quarantined, [20d6e196f78438fea80d0d676e94ff01],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [20d6e196f78438fea80d0d676e94ff01],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [20d6e196f78438fea80d0d676e94ff01],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [20d6e196f78438fea80d0d676e94ff01],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [20d6e196f78438fea80d0d676e94ff01],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, Quarantined, [51a5c4b31b601224ad090b69dc26c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [51a5c4b31b601224ad090b69dc26c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, Quarantined, [51a5c4b31b601224ad090b69dc26c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, Quarantined, [51a5c4b31b601224ad090b69dc26c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [51a5c4b31b601224ad090b69dc26c937],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, Quarantined, [a84e8bec14679e981c9b4e26c53def11],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, Quarantined, [a84e8bec14679e981c9b4e26c53def11],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, Quarantined, [a84e8bec14679e981c9b4e26c53def11],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, Quarantined, [a84e8bec14679e981c9b4e26c53def11],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, Quarantined, [a84e8bec14679e981c9b4e26c53def11],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, Quarantined, [e313beb9c9b216208830d69e748e34cc],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [e313beb9c9b216208830d69e748e34cc],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, Quarantined, [e313beb9c9b216208830d69e748e34cc],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, Quarantined, [e313beb9c9b216208830d69e748e34cc],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [e313beb9c9b216208830d69e748e34cc],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, Quarantined, [a353f087a9d21d190aaf3143c93920e0],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, Quarantined, [a353f087a9d21d190aaf3143c93920e0],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, Quarantined, [a353f087a9d21d190aaf3143c93920e0],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, Quarantined, [a353f087a9d21d190aaf3143c93920e0],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, Quarantined, [a353f087a9d21d190aaf3143c93920e0],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO.1, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO.1, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader.1, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader.1, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, Quarantined, [fcfa89ee6e0df83e447690e415eda55b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, Quarantined, [fcfa89ee6e0df83e447690e415eda55b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, Quarantined, [fcfa89ee6e0df83e447690e415eda55b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, Quarantined, [fcfa89ee6e0df83e447690e415eda55b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, Quarantined, [fcfa89ee6e0df83e447690e415eda55b],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, Quarantined, [a84ec3b47308de58bcff2153ce3425db],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [a84ec3b47308de58bcff2153ce3425db],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, Quarantined, [a84ec3b47308de58bcff2153ce3425db],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, Quarantined, [a84ec3b47308de58bcff2153ce3425db],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [a84ec3b47308de58bcff2153ce3425db],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, Quarantined, [7284d6a1007bdc5a4e6e5321d0321de3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, Quarantined, [7284d6a1007bdc5a4e6e5321d0321de3],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, Quarantined, [c92dda9d7dfe53e3e3dbde9608fa12ee],
PUP.Optional.WordOV, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, Quarantined, [c5311d5aea91a88e1dd73a3b1fe3bc44],
PUP.Optional.WordOV, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, Quarantined, [c5311d5aea91a88e1dd73a3b1fe3bc44],
PUP.Optional.WordOV, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, Quarantined, [c5311d5aea91a88e1dd73a3b1fe3bc44],
PUP.Optional.WordOV, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, Quarantined, [c5311d5aea91a88e1dd73a3b1fe3bc44],
PUP.Optional.WordOV, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, Quarantined, [c5311d5aea91a88e1dd73a3b1fe3bc44],
PUP.Optional.WordOV, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, Quarantined, [c5311d5aea91a88e1dd73a3b1fe3bc44],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, Quarantined, [46b06b0c7dfe74c23d826b09fa088080],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, Quarantined, [46b06b0c7dfe74c23d826b09fa088080],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, Quarantined, [46b06b0c7dfe74c23d826b09fa088080],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, Quarantined, [46b06b0c7dfe74c23d826b09fa088080],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, Quarantined, [46b06b0c7dfe74c23d826b09fa088080],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, Quarantined, [46b06b0c7dfe74c23d826b09fa088080],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, Quarantined, [8f67ccabf58642f4fdc378fc9270d729],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, Quarantined, [8f67ccabf58642f4fdc378fc9270d729],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, Quarantined, [8f67ccabf58642f4fdc378fc9270d729],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, Quarantined, [8f67ccabf58642f4fdc378fc9270d729],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, Quarantined, [8f67ccabf58642f4fdc378fc9270d729],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, Quarantined, [0aecde9982f931052899d59f0200cb35],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, Quarantined, [0aecde9982f931052899d59f0200cb35],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, Quarantined, [0aecde9982f931052899d59f0200cb35],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, Quarantined, [0aecde9982f931052899d59f0200cb35],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, Quarantined, [0aecde9982f931052899d59f0200cb35],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, Quarantined, [00f6b6c190eb0e28556d3f35e41e4ab6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, Quarantined, [00f6b6c190eb0e28556d3f35e41e4ab6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, Quarantined, [00f6b6c190eb0e28556d3f35e41e4ab6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, Quarantined, [00f6b6c190eb0e28556d3f35e41e4ab6],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, Quarantined, [00f6b6c190eb0e28556d3f35e41e4ab6],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}, Quarantined, [7d799bdc5e1d5cdadc5c231f7c868a76],
PUP.Optional.TopArcadeHits.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF190686-9E72-403C-B99D-682ABDB63C5B}, Quarantined, [07efe7903c3f270f1449d1a30ef4df21],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [fcfa522582f93006019dc7adab57a65a],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [807699de483301354a55d59f8e745fa1],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, Quarantined, [b046c7b0f08bd165c5c9ede9699a9f61],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\priam_bho.DLL, Quarantined, [61959ed9e893e6503c485b7d0cf79a66],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, Quarantined, [7284fa7d7efdaa8cc6c9c214c142ab55],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [6b8b54235b2053e3a473c1ff02004bb5],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\RecipeHub_2j, Quarantined, [777fd2a5b1ca0c2a322d11dfc93a639d],
PUP.Optional.TigerSavings.A, HKLM\SOFTWARE\WOW6432NODE\Tiger Savings, Quarantined, [886e0e698af1c96d49906b3bcd3532ce],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, Quarantined, [e511275039426bcb22c743ac946f5ba5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, Quarantined, [995d7ef9f7842016f29c7660b74ced13],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\priam_bho.DLL, Quarantined, [e1150275bac186b02d57f2e69b68b749],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@RecipeHub_2j.com/Plugin, Quarantined, [7d79fa7de2991b1ba272c3e6aa5809f7],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, Quarantined, [7c7ad89f2952a4924f42dbfb08fb36ca],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, Quarantined, [8670cbac205b80b68110498d4bb8936d],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WajamUpdaterV3, Quarantined, [0ee83542b4c79b9b23fb6f6e37cc30d0],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ConduitSearchScopes, Quarantined, [8d69e88f4239b97deb7a4992857e9769],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPlyLive, Quarantined, [7185383fdba05fd7eaa9bc1a3ec5f60a],
PUP.Optional.Iminent.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Quarantined, [589e7403fd7e31058c8cdde3d23038c8],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RecipeHub_2j, Quarantined, [25d1c6b1e398e353c29e15dbd330c739],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [e80e6f08f685ca6cabfa6584eb18f10f],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [62947205de9ded492f5b4574d52d946c],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RecipeHub_2j, Quarantined, [3eb8b5c215662e089b62574bb34fa759],
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, Quarantined, [d323284fc8b3c274cdaf10a6946e5ea2],
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [14e2a6d1770426106c9e8a358f7314ec],
PUP.Optional.Wajam.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, Quarantined, [6f87e0978eed251161250ecad82ba35d],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],

Registry Values: 5
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{cc8ae5b8-005b-4b1a-a27d-307eddffe5c8}, Quarantined, [fef84e29c4b71f17b957d668a062dc24],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{CC8AE5B8-005B-4B1A-A27D-307EDDFFE5C8}, Quarantined, [fef84e29c4b71f17b957d668a062dc24],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WAJAM|red, 4, Quarantined, [24d25225a4d790a699eeeaeec53eac54]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoGOblidooYB, Quarantined, [14e2a6d1770426106c9e8a358f7314ec]
PUP.Optional.Wajam.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 3008, Quarantined, [6f87e0978eed251161250ecad82ba35d]

Registry Data: 5
PUP.Optional.Snapdo, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://feed.snapdo.c...earchtype=ds&q={searchTerms}&installDate={installDate}, Good: (http://www.google.com), Bad: (http://feed.snapdo.c...e={installDate}),Replaced,[d0261d5abebde94de67badc7689c17e9]
PUP.Optional.Snapdo, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.c...earchtype=ds&q={searchTerms}&installDate={installDate}, Good: (http://www.google.com), Bad: (http://feed.snapdo.c...e={installDate}),Replaced,[ec0a0671a2d9cf6778e8c8ac2bd9fb05]
PUP.Optional.Snapdo, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.snapdo.c...earchtype=ds&q={searchTerms}&installDate={installDate}, Good: (http://www.google.com), Bad: (http://feed.snapdo.c...e={installDate}),Replaced,[df1785f2473452e4d390ec889371da26]
PUP.Optional.Snapdo, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.snapdo.c...earchtype=ds&q={searchTerms}&installDate={installDate}, Good: (http://www.google.com), Bad: (http://feed.snapdo.c...e={installDate}),Replaced,[fdf9f1863d3e62d4382cfa7abb49ac54]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1077101162-4101747896-2045992607-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.c...earchtype=ds&q={searchTerms}&installDate={installDate}, Good: (www.google.com), Bad: (http://feed.snapdo.c...e={installDate}),Replaced,[a551a5d20972df5722daa5c573919b65]

Folders: 35
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, Quarantined, [71856d0ad2a971c549de75129f63c53b],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, Quarantined, [71856d0ad2a971c549de75129f63c53b],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, Quarantined, [71856d0ad2a971c549de75129f63c53b],
PUP.Optional.DealPly.A, C:\Users\Koony\AppData\Roaming\Dealply, Quarantined, [43b3d1a66e0dec4a41e7fb8cdb27857b],
PUP.Optional.DealPly.A, C:\Users\Koony\AppData\Roaming\Dealply\UpdateProc, Quarantined, [43b3d1a66e0dec4a41e7fb8cdb27857b],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{2A902E00-86A1-4729-A274-D00B91696F5B}, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Delete-on-Reboot, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater, Delete-on-Reboot, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.OpenCandy, C:\Users\Koony\AppData\Roaming\OpenCandy, Quarantined, [43b38fe8adce5fd7a0bfdfa8a75b5ea2],
PUP.Optional.OpenCandy, C:\Users\Koony\AppData\Roaming\OpenCandy\4E1C475D286048398D26363119BCCF32, Quarantined, [43b38fe8adce5fd7a0bfdfa8a75b5ea2],
PUP.Optional.OpenCandy, C:\Users\Koony\AppData\Roaming\OpenCandy\631F8A1D479F40F1B8533BBD54DDA228, Quarantined, [43b38fe8adce5fd7a0bfdfa8a75b5ea2],
PUP.Optional.DealPly.A, C:\Users\Koony\AppData\Local\DealPlyLive, Quarantined, [bf37492ea7d447ef6617e3a48e74eb15],
PUP.Optional.DealPly.A, C:\Users\Koony\AppData\Local\DealPlyLive\CrashReports, Quarantined, [bf37492ea7d447ef6617e3a48e74eb15],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, Quarantined, [d2243245f58655e1b3377b0c14ee7d83],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3315828, Quarantined, [d2243245f58655e1b3377b0c14ee7d83],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30\Logs, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\RecipeHub_2j, Quarantined, [35c11c5bd7a4b58116adcec0dc26669a],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\RecipeHub_2j\bar, Quarantined, [35c11c5bd7a4b58116adcec0dc26669a],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\RecipeHub_2j\bar\1.bin, Quarantined, [35c11c5bd7a4b58116adcec0dc26669a],
PUP.Optional.SearchProtect.A, C:\Users\Koony\AppData\Local\SearchProtect, Quarantined, [56a00a6d3c3f7fb71a423f5e3ac824dc],
PUP.Optional.SearchProtect.A, C:\Users\Koony\AppData\Local\SearchProtect\Logs, Quarantined, [56a00a6d3c3f7fb71a423f5e3ac824dc],

Files: 141
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\priam_bho.dll, Quarantined, [a551611689f27eb858da690bbd45a060],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, Quarantined, [7284d6a1007bdc5a4e6e5321d0321de3],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, Quarantined, [fcfae790314a93a3d6e7472d9e64af51],
PUP.Optional.DownloadAdmin, C:\Users\Koony\Downloads\playpickle-setup.exe, Quarantined, [6393dc9b364513238628191d08fca858],
PUP.Optional.Iminent.A, C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [37bf3740235882b4be628d1b778bf20e],
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, Quarantined, [639346317b005dd9f0be924d0cf72dd3],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe, Delete-on-Reboot, [0ee83542b4c79b9b23fb6f6e37cc30d0],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, Quarantined, [71856d0ad2a971c549de75129f63c53b],
PUP.Optional.DealPly.A, C:\Users\Koony\AppData\Roaming\Dealply\UpdateProc\config.dat, Quarantined, [43b3d1a66e0dec4a41e7fb8cdb27857b],
PUP.Optional.DealPly.A, C:\Users\Koony\AppData\Roaming\Dealply\UpdateProc\TTL.DAT, Quarantined, [43b3d1a66e0dec4a41e7fb8cdb27857b],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, Quarantined, [fef88ceb4b3076c063c63b4cf012d32d],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\favicon.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\amazon.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\argos.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\ask.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\bestbuy.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\bing.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\ebay.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\etsy.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\facebook.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\favicon.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\google.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\homedepot.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\ikea.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\imdb.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\lowes.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\mercado.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\mysearchweb.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\myshopping.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\searchresult.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\sears.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\setting.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\settings.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\shopping.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\target.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\tesco.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\tripadvisor.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\twitter.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\wajam.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\walmart.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\wiki.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\yahoo.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Logos\zalando.ico, Quarantined, [55a12c4bb0cb989e939d2c5bb25051af],
PUP.Optional.OpenCandy, C:\Users\Koony\AppData\Roaming\OpenCandy\4E1C475D286048398D26363119BCCF32\PureLeadsSetupx21701.exe, Quarantined, [43b38fe8adce5fd7a0bfdfa8a75b5ea2],
PUP.Optional.OpenCandy, C:\Users\Koony\AppData\Roaming\OpenCandy\631F8A1D479F40F1B8533BBD54DDA228\SkypeSetupFull(Trackable550)trackable-6.16.0.105 (1).exe, Quarantined, [43b38fe8adce5fd7a0bfdfa8a75b5ea2],
PUP.Optional.OpenCandy, C:\Users\Koony\AppData\Roaming\OpenCandy\631F8A1D479F40F1B8533BBD54DDA228\SkypeSetupFull-p2v0.exe, Quarantined, [43b38fe8adce5fd7a0bfdfa8a75b5ea2],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3315828\UninstallerUI.exe, Quarantined, [d2243245f58655e1b3377b0c14ee7d83],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30\hk64tbMixi.dll, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30\hktbMixi.dll, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30\ldrtbMixi.dll, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30\tbMixi.dll, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.MixiDJToolbar.A, C:\Users\Koony\AppData\Local\MixiDJ_V30\toolbar.cfg, Quarantined, [e2147403611a5dd9c40f097f5aa8a060],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Settings.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Facebook.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Twitter.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Ask.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Bing.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Google.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\IMDb.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Shopping.com.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\TripAdvisor.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Wikipedia.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Amazon.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Argos.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ebay.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Etsy.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\HomeDepot.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ikea.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Lowe's.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Mercadolivre.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\MyShopping.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Sears.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Target.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Tesco.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Walmart.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Zalando.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.Wajam.A, C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam\uninstall.lnk, Quarantined, [47af2c4b3b4058de716bb8d0bd45c33d],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\BOOTSTRAP.JS, Quarantined, [35c11c5bd7a4b58116adcec0dc26669a],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\installKeys.js, Quarantined, [35c11c5bd7a4b58116adcec0dc26669a],

Physical Sectors: 0
(No malicious items detected)

(end)

All of which I quarantined.

At this point, I have not run AdwCleaner although I do have it downloaded. I have noticed Mindspark in these lists yet it is still in my Programs and Features list and when I attempt to uninstall it I get the RUN DLL error box text:
There was a problem starting C:\ProgramFiles(x86)\RecipiesHub_2j\bar\1.bin\2jBar.dll
To which I click OK because there are no other options.

Thought should seek assistance from the professionals after working at it for a while. OTL LOG is inserted below.

Any help will be greatly appreciated.

Thank you in advance!

OTL logfile created on: 6/13/2014 9:33:29 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Koony\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.71 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 61.43% Memory free
4.58 Gb Paging File | 2.30 Gb Available in Paging File | 50.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.61 Gb Total Space | 339.02 Gb Free Space | 76.77% Space Free | Partition Type: NTFS

Computer Name: SHARONJONESHALL | User Name: Koony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/13 05:11:39 | 001,091,912 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_786D4.tmp\setup.exe
PRC - [2014/06/13 05:11:34 | 039,078,480 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\Install\{F4A95357-C7DB-4DFE-AD54-73B8AA454EA4}\35.0.1916.153_chrome_installer.exe
PRC - [2014/06/13 01:21:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Koony\Downloads\OTL.exe
PRC - [2014/06/12 19:19:48 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/06/04 22:04:51 | 000,429,056 | ---- | M] (Microsoft) -- C:\Program Files\WindowsApps\Microsoft.Taptiles_2.1.1405.2329_x86__8wekyb3d8bbwe\Taptiles.exe
PRC - [2014/05/14 12:17:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/06 22:26:43 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/03 18:08:13 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2014/05/02 15:24:31 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/05/02 15:24:25 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/04/06 23:01:02 | 000,367,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/09 14:38:12 | 001,174,152 | ---- | M] (WiseCleaner.com) -- C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
PRC - [2013/05/15 16:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
PRC - [2012/07/05 21:50:26 | 000,553,616 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2012/07/04 13:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011/09/05 13:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/28 05:11:05 | 000,041,984 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll
MOD - [2014/05/28 05:10:33 | 000,227,328 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
MOD - [2014/05/28 05:10:17 | 000,483,840 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
MOD - [2014/05/28 05:09:43 | 000,258,560 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\6aeb49424ffba822ec5d785ad67a7f28\Arkadium.CdnModule.ni.dll
MOD - [2014/05/28 05:09:41 | 000,122,880 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\fc79342af60c7741b6569a2d61d90a1a\Arkadium.Xaml.Toolkit.ni.dll
MOD - [2014/05/28 05:09:24 | 000,310,272 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\f7e5a15c9981431fd2f771b9481f83e0\Arkadium.LeaderboardModule.ni.dll
MOD - [2014/05/28 05:09:20 | 000,249,344 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\e7a9e0b77f831f5a0cc42115ceabf2a2\Arkadium.AwardsModule.ni.dll
MOD - [2014/05/28 05:09:17 | 000,152,064 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\94119bff3cfaa9a57ec27e09b3e6ca5b\Arkadium.AchievementsModule.ni.dll
MOD - [2014/05/28 05:09:15 | 000,122,880 | ---- | M] () -- C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\d844f788b32033689d5afca27bb255a6\Arkadium.ApplicationFramework.ni.dll
MOD - [2014/05/16 04:42:56 | 000,146,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\8e945b32dd6b4b00c900f6c01c0f3c62\System.Numerics.ni.dll
MOD - [2014/05/16 04:42:52 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtcf595564#\ddd83eb843c6531b608b3303dd9f997d\System.Runtime.Numerics.ni.dll
MOD - [2014/05/16 04:42:50 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Linqbd02a4fb#\1e1404c2b5da3888fe1fb4a82f45c4d7\System.Linq.Expressions.ni.dll
MOD - [2014/05/16 04:42:44 | 000,168,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO.Cb3b124c8#\f7a43000e540605d6e0e171da4c2f1d4\System.IO.Compression.ni.dll
MOD - [2014/05/16 04:42:39 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Colldfb0b5ae#\6f8ded828a8d1b1f4a7976b73cf21573\System.Collections.Concurrent.ni.dll
MOD - [2014/05/09 21:10:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Text2f5a8366#\5fe841aca0e2050c16053dc1e744e43b\System.Text.RegularExpressions.ni.dll
MOD - [2014/05/09 21:10:14 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Refl9c203d4d#\b937d907fc3074ee680d24514c61e37f\System.Reflection.Extensions.ni.dll
MOD - [2014/05/06 22:27:10 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/02 21:21:24 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Text.Encoding\8b843c36b88d5c581c163a6f26432aa5\System.Text.Encoding.ni.dll
MOD - [2014/05/02 21:21:21 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt6a32fdc5#\e689a3a0890ef282d7e70d3367726e7b\System.Runtime.Serialization.Xml.ni.dll
MOD - [2014/05/02 21:21:18 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Linq\5c5aaf5812afcf70f2136a13213c9d57\System.Linq.ni.dll
MOD - [2014/05/02 21:21:01 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Threading\88c5bb75b5fc29305a51f21d77640cba\System.Threading.ni.dll
MOD - [2014/05/02 21:20:57 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt1e58aa76#\7ea522010e4f517cf62d62292d3f68b2\System.Runtime.Extensions.ni.dll
MOD - [2014/05/02 21:20:53 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.dd7e8ed3#\d91914bd63231b7c293abb207861c919\System.Xml.ReaderWriter.ni.dll
MOD - [2014/05/02 21:20:50 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Globalization\ce0c7f8b567ffa67ee20fc986defe319\System.Globalization.ni.dll
MOD - [2014/05/02 21:20:47 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Reflection\66943ffdb6c6209cf0340c6a256bf169\System.Reflection.ni.dll
MOD - [2014/05/02 21:20:27 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.XDocument\7ad708c95cf753ab197ba6e9463eab36\System.Xml.XDocument.ni.dll
MOD - [2014/05/02 15:24:32 | 000,572,504 | ---- | M] () -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
MOD - [2014/05/02 09:48:20 | 000,337,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
MOD - [2014/05/02 09:48:16 | 000,012,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt9e372c89#\b3ad6730fe2c9bc26d2656994615e29e\System.Runtime.InteropServices.ni.dll
MOD - [2014/05/02 09:48:13 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IO\232833346ca4e705c2a15dd57af73bac\System.IO.ni.dll
MOD - [2014/05/02 09:48:10 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.429e8964#\d875b108d13cb8d893ac4c27fff8f539\System.Xml.XmlSerializer.ni.dll
MOD - [2014/05/02 09:48:07 | 001,282,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
MOD - [2014/05/02 09:47:58 | 000,304,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
MOD - [2014/05/02 09:47:53 | 000,009,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\7ab875026ab88e106bf40c8db4f640a1\System.Threading.Tasks.ni.dll
MOD - [2014/05/02 09:44:16 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Collections\ebeafb298ff3f25b6291e44deceb1d0c\System.Collections.ni.dll
MOD - [2014/05/02 09:43:44 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.caf7096d#\a609227cf29283a141334946144866f3\System.Net.Primitives.ni.dll
MOD - [2014/05/02 09:42:40 | 000,770,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
MOD - [2014/05/02 09:42:27 | 000,960,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
MOD - [2014/05/02 09:42:18 | 003,530,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
MOD - [2014/05/02 09:41:43 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\67dd353e70bac0caa6a7dde153081d12\System.ObjectModel.ni.dll
MOD - [2014/05/02 09:41:38 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Diagaa8d7fa5#\a374d5cee262e00ef48bb80a46ef261b\System.Diagnostics.Debug.ni.dll
MOD - [2014/05/02 09:41:34 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servdea05680#\0c4ca02c69ce55cfcfefb541f195d705\System.ServiceModel.Primitives.ni.dll
MOD - [2014/05/02 09:41:29 | 000,797,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
MOD - [2014/05/02 09:41:21 | 000,133,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
MOD - [2014/05/02 09:41:18 | 000,238,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
MOD - [2014/05/02 09:41:14 | 000,402,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
MOD - [2014/05/02 09:41:08 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtdf6812ee#\b7c90cd61aa57b4858a896d7e33c30d9\System.Runtime.Serialization.Primitives.ni.dll
MOD - [2014/05/02 09:41:05 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\ee53227bcc4430088d0b560752c1cd02\System.ServiceModel.Internals.ni.dll
MOD - [2014/05/02 09:40:52 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\352d34797f7cd44cd0973c33539200f1\SMDiagnostics.ni.dll
MOD - [2014/05/02 09:40:45 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
MOD - [2014/05/02 09:40:35 | 000,808,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
MOD - [2014/05/02 09:40:28 | 000,018,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime\7bf2203bf2d88857c463948cccf6156c\System.Runtime.ni.dll
MOD - [2014/05/02 09:40:25 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtbff93e24#\1849d6bdd0f61a224d41ac2963221204\System.Runtime.InteropServices.WindowsRuntime.ni.dll
MOD - [2014/05/02 09:40:23 | 001,130,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
MOD - [2014/05/01 12:41:08 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6f7a4225a199ad7894379512ca6ae50c\System.Xml.Linq.ni.dll
MOD - [2014/05/01 12:41:06 | 007,802,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014/05/01 12:40:05 | 019,566,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dll
MOD - [2014/05/01 12:39:14 | 000,573,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt0d283adf#\32aee6654d81a07e698f9ee18c886a2a\System.Runtime.WindowsRuntime.ni.dll
MOD - [2014/05/01 12:39:14 | 000,098,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtc259d85b#\ed68489987b413410ccb94c6e704f6b4\System.Runtime.WindowsRuntime.UI.Xaml.ni.dll
MOD - [2014/05/01 12:39:10 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a\System.Runtime.Serialization.ni.dll
MOD - [2014/05/01 12:38:59 | 000,522,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\5ba9e9e2d2253e30f3f28e12016e441d\System.Net.Http.ni.dll
MOD - [2014/05/01 12:38:25 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014/05/01 12:32:18 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014/05/01 12:31:49 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014/03/27 11:23:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/01/27 07:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013/12/04 14:24:27 | 000,593,464 | ---- | M] () -- C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/05/16 04:40:06 | 002,266,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/05/14 12:17:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/27 12:20:40 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/06 07:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/03/23 22:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/23 22:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/08 01:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 03:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 11:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 05:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 05:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 05:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 05:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 05:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/27 11:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/12/13 10:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/12/10 03:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 00:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/09/30 00:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/08/23 00:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/07/20 02:01:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2014/05/13 21:27:27 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/06 22:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/03 18:08:13 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/05/03 18:08:13 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2014/05/02 15:24:31 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/04/07 03:06:58 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/04/06 23:00:42 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/01/21 15:25:34 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/30 00:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/15 16:05:58 | 000,191,424 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Charter Security Suite\fshoster32.exe -- (fshoster)
SRV - [2012/07/13 05:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/11/25 19:32:36 | 000,687,400 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/05/15 12:17:40 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/15 12:17:40 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/15 12:17:40 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/14 12:17:31 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/14 12:17:31 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/14 12:17:31 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/14 12:17:31 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/14 12:17:30 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/23 22:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/23 22:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/23 22:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/19 23:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 08:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 16:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 16:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/22 12:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 11:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/02/22 11:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 11:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/02/22 11:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 11:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 11:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 11:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 08:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/13 10:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/13 10:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/04 16:58:35 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/10 22:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 07:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/25 21:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/09/30 00:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 23:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 23:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 07:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 07:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 10:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/16 20:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/07/04 23:18:06 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2014/02/11 02:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/02/11 02:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33D0B8F7-D807-446F-B347-B2744D89F8F7}: "URL" = http://www.bing.com/...E10TR&pc=MAGWJS
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C52F67DD-4AF4-410D-B356-C71D23DE324C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C52F67DD-4AF4-410D-B356-C71D23DE324C}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://ws.infospace....w={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{3B32632F-C85A-444D-B977-DB8A927F5E5F}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}: "URL" = http://www.dnsbasic....s={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{855EB2F6-A22F-4289-82CE-3474A6F4E29D}: "URL" = http://search.condui...6316829764&UM=2
IE - HKCU\..\SearchScopes\{C52F67DD-4AF4-410D-B356-C71D23DE324C}: "URL" = http://search.condui...3132149919&UM=2
IE - HKCU\..\SearchScopes\{EE0D6F95-3CC8-47A2-B90A-876930E717B0}: "URL" = http://us.yhs4.searc...,19669,0,6,7635
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.9: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.9.17: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Koony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/05/02 15:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/05/02 15:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/12 19:19:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/06/12 19:13:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/01 19:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koony\AppData\Roaming\mozilla\Extensions
[2014/06/07 17:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Koony\AppData\Roaming\mozilla\Firefox\Profiles\2fknfz9w.default-1402175433890\extensions
[2014/05/12 11:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/12 11:40:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/12 19:19:45 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.yahoo.co...t&type=avastbcl
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: HelloFax: 50 Free Fax Pages = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.20_0\
CHR - Extension: Google Search = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: RealPlayer Downloader = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.9_0\
CHR - Extension: Google Wallet = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [F-Secure Hoster (42626)] C:\Program Files (x86)\Charter Security Suite\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Koony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.159.64.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75455516-D449-48BD-87AD-920195878516}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.159.64.23
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/13 01:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/09 18:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2014/06/07 17:10:41 | 000,000,000 | ---D | C] -- C:\Users\Koony\Desktop\Old Firefox Data
[2014/06/01 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\Koony\AppData\Local\Skype
[2014/06/01 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\Koony\AppData\Roaming\Skype
[2014/06/01 09:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/06/01 09:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/06/01 09:42:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/06/01 09:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/06/01 09:40:39 | 000,000,000 | ---D | C] -- C:\Users\Koony\AppData\Roaming\ARecEngine
[2014/05/24 19:18:28 | 000,000,000 | ---D | C] -- C:\Users\Koony\AppData\Roaming\NCH Software
[2014/05/24 19:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2014/05/24 19:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2014/05/24 19:09:11 | 000,000,000 | ---D | C] -- C:\Users\Koony\Documents\Adobe
[2014/05/22 22:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/05/22 22:57:11 | 000,000,000 | ---D | C] -- C:\Users\Koony\AppData\Roaming\Notepad++
[2014/05/22 22:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/05/21 21:15:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2014/05/21 21:06:55 | 000,000,000 | ---D | C] -- C:\Users\Koony\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/05/21 20:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/05/21 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2014/05/21 20:28:34 | 000,000,000 | ---D | C] -- C:\Users\Koony\Adobe Flash Builder 4.6
[2014/05/21 20:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2014/05/21 20:13:14 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys
[2014/05/21 20:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2014/05/21 20:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2014/05/21 20:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2014/05/21 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/05/21 20:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2014/05/21 20:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/05/21 19:21:41 | 000,000,000 | ---D | C] -- C:\Users\Koony\Desktop\Adobe CS6 Master Collection
[2014/05/21 11:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/05/21 11:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photoshop CS6
[2014/05/19 22:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/05/19 22:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/05/19 22:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/05/14 12:17:29 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

========== Files - Modified Within 30 Days ==========

[2014/06/13 09:51:16 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/13 09:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/13 09:11:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/13 03:59:59 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/13 03:59:38 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/13 03:59:14 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/13 03:58:09 | 000,000,454 | ---- | M] () -- C:\WINDOWS\tasks\Wise Care 365.job
[2014/06/13 03:57:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/13 03:57:03 | 3183,460,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/12 19:20:39 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/11 17:00:38 | 000,149,332 | ---- | M] () -- C:\Users\Koony\Desktop\Dollar General Employee Info.png
[2014/06/08 20:18:31 | 000,000,406 | ---- | M] () -- C:\Users\Koony\Desktop\Fiverr Document.rtf
[2014/06/05 13:07:40 | 000,827,767 | ---- | M] () -- C:\Users\Koony\Desktop\Work Keys Duane 3.pdf
[2014/06/01 09:42:20 | 000,002,531 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/05/31 21:19:04 | 000,000,000 | ---- | M] () -- C:\end
[2014/05/29 17:00:17 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\Wise Turbo Checker.job
[2014/05/27 01:01:59 | 000,007,605 | ---- | M] () -- C:\Users\Koony\AppData\Local\resmon.resmoncfg
[2014/05/24 19:18:18 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2014/05/22 22:57:16 | 000,001,076 | ---- | M] () -- C:\Users\Koony\Desktop\Notepad++.lnk
[2014/05/21 21:39:09 | 005,098,592 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/05/21 20:20:57 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014/05/19 22:46:22 | 000,000,286 | ---- | M] () -- C:\Users\Koony\Desktop\index.html
[2014/05/15 12:17:40 | 001,039,096 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys
[2014/05/15 12:17:40 | 000,423,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys
[2014/05/15 12:17:40 | 000,085,328 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys
[2014/05/14 12:17:31 | 001,039,096 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsnx.sys.1400170659609
[2014/05/14 12:17:31 | 000,423,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys.1400170659609
[2014/05/14 12:17:31 | 000,334,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2014/05/14 12:17:31 | 000,208,416 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys
[2014/05/14 12:17:31 | 000,079,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys
[2014/05/14 12:17:31 | 000,065,776 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys
[2014/05/14 12:17:31 | 000,029,208 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2014/05/14 12:17:30 | 000,093,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys
[2014/05/14 12:17:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

========== Files Created - No Company Name ==========

[2014/06/11 17:00:37 | 000,149,332 | ---- | C] () -- C:\Users\Koony\Desktop\Dollar General Employee Info.png
[2014/06/08 20:18:31 | 000,000,406 | ---- | C] () -- C:\Users\Koony\Desktop\Fiverr Document.rtf
[2014/06/05 13:07:40 | 000,827,767 | ---- | C] () -- C:\Users\Koony\Desktop\Work Keys Duane 3.pdf
[2014/06/01 09:42:20 | 000,002,531 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/05/27 00:59:28 | 000,007,605 | ---- | C] () -- C:\Users\Koony\AppData\Local\resmon.resmoncfg
[2014/05/24 19:18:18 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2014/05/24 19:18:18 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Prism Video File Converter.lnk
[2014/05/22 22:57:16 | 000,001,076 | ---- | C] () -- C:\Users\Koony\Desktop\Notepad++.lnk
[2014/05/21 20:20:57 | 000,002,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2014/05/21 20:20:57 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2014/05/21 20:20:56 | 000,002,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2014/05/21 20:14:04 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2014/05/21 20:08:59 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2014/05/16 12:52:12 | 000,000,286 | ---- | C] () -- C:\Users\Koony\Desktop\index.html
[2014/05/14 12:17:34 | 000,029,208 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswHwid.sys
[2014/04/27 18:27:15 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 19:15:22 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/12/19 19:40:01 | 000,000,108 | ---- | C] () -- C:\Users\Koony\AppData\Roaming\WB.CFG
[2013/12/13 10:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/12/04 15:00:46 | 000,000,258 | RHS- | C] () -- C:\Users\Koony\ntuser.pol
[2013/12/04 14:08:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/09/26 20:02:38 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/26 20:02:38 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/26 20:02:36 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/26 20:02:18 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/26 20:02:18 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/01 23:10:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\3b213226203c332727362727333524_c

========== ZeroAccess Check ==========

[2013/12/04 21:42:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/06 12:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 11:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/06/12 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\ARecEngine
[2014/03/27 11:26:19 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\AVAST Software
[2013/05/26 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\casualArts
[2014/01/04 14:57:44 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\cerasus.media
[2014/03/22 23:16:01 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\Chinese Dragon
[2014/05/22 22:57:55 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\Notepad++
[2014/05/21 21:06:55 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/06/12 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\uTorrent
[2013/03/24 17:44:49 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\WildTangent
[2014/06/13 03:58:36 | 000,000,000 | ---D | M] -- C:\Users\Koony\AppData\Roaming\Wise Care 365

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Users\Koony\SkyDrive:ms-properties

< End of report >

#2
kikiera

Posted 16 June 2014 - 11:26 AM

Member

Topic Starter
Member
66 posts

While waiting for a response to my topic I went forward and ran AdwCleaner. The AdwCleaner Log follows:

# AdwCleaner v3.212 - Report created 14/06/2014 at 01:01:37
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Koony - SHARONJONESHALL
# Running from : C:\Users\Koony\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\otshot
Folder Deleted : C:\Users\Koony\AppData\Local\Conduit
Folder Deleted : C:\Users\Koony\AppData\Local\DefineExt
Folder Deleted : C:\Users\Koony\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Koony\AppData\LocalLow\PriceGong
File Deleted : C:\END
File Deleted : C:\WINDOWS\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3293216
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Koony\AppData\Roaming\Mozilla\Firefox\Profiles\20ocsh76.default\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [12373 octets] - [14/06/2014 00:40:14]
AdwCleaner[S0].txt - [11831 octets] - [14/06/2014 01:01:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11892 octets] ##########

#3
Naathim

Posted 16 June 2014 - 11:50 PM

GeekU Minion

Expert
4,568 posts

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Sorry we've missed you, this forum was quite busy lately.

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start the fight!

Performing general FRST scan

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Right click on to Run as Administrator
(XP users click run after receipt of Windows Security Warning - Open File).
When the tool opens click Yes to disclaimer.
You will be presented with a window like below:
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

= = = = = = = = = = = = = = = = = = = =

GMER scanner for the lurking rootkits

Please download GMER and save it to your desktop.

it will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.
Disconnect from the Internet and close all running programs
Temporarily disable any real-time active protection
It is very important you do not use your computer while GMER is running
Right-click on the randomly named GMER icon and choose Run as Administrator
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan

If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

Please check in the Quick scan box
Please uncheck the following:

IAT/EAT
Show All

Click Scan
If you see a rootkit warning window click OK
When the scan is finished, Save the results to your desktop as gmer.log
Click Copy then paste the results in your reply
Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

If you encounter any problems, try running GMER in Safe Mode
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

= = = = = = = = = = = = = = = = = = = =

Now in your next reply please include these ones for my review:
FRST.txt
Addition.txt
GMER report

I don't mind multiple posts if necessary.

Cheers,
Naat

#4
kikiera

Posted 17 June 2014 - 10:50 AM

Member

Topic Starter
Member
66 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2014
Ran by Koony (administrator) on SHARONJONESHALL on 17-06-2014 11:00:07
Running from C:\Users\Koony\Downloads
Platform: Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_2.1.1405.2329_x86__8wekyb3d8bbwe\Taptiles.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-07-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Hoster (42626)] => C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-06-12] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-05-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\S-1-5-21-1077101162-4101747896-2045992607-1002\...\Run: [SkyDrive] => C:\Users\Koony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-15] (Microsoft Corporation)
HKU\S-1-5-21-1077101162-4101747896-2045992607-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - {33D0B8F7-D807-446F-B347-B2744D89F8F7} URL = http://www.bing.com/...E10TR&pc=MAGWJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {33D0B8F7-D807-446F-B347-B2744D89F8F7} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 66.189.0.100 24.159.64.23

FireFox:
========
FF ProfilePath: C:\Users\Koony\AppData\Roaming\Mozilla\Firefox\Profiles\20ocsh76.default
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Koony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-21]

Chrome:
=======
CHR HomePage: https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: "hxxp://www.msn.com/"
CHR Extension: (Google Docs) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-30]
CHR Extension: (Google Drive) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-30]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-03-31]
CHR Extension: (Google Search) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-30]
CHR Extension: (avast! Online Security) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-27]
CHR Extension: (RealPlayer Downloader) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]
CHR Extension: (Gmail) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-03] (WildTangent)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-02] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-14] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-11] (Symantec Corporation) [File not signed]
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-04] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-17 11:00 - 2014-06-17 11:00 - 00019355 _____ () C:\Users\Koony\Downloads\FRST.txt
2014-06-17 10:59 - 2014-06-17 11:00 - 00000000 ____D () C:\FRST
2014-06-17 10:58 - 2014-06-17 10:59 - 00001474 _____ () C:\Users\Koony\Desktop\FRST64 - Shortcut.lnk
2014-06-17 10:58 - 2014-06-17 10:58 - 02081280 _____ (Farbar) C:\Users\Koony\Downloads\FRST64.exe
2014-06-15 16:55 - 2014-06-15 17:15 - 00000000 ____D () C:\Users\Koony\Desktop\Trey's Study Sheets
2014-06-14 01:21 - 2014-06-14 01:21 - 00012161 _____ () C:\Users\Koony\Desktop\AdwCleaner[S0].txt
2014-06-14 00:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-14 00:07 - 2014-06-14 00:07 - 00001259 _____ () C:\Users\Koony\Desktop\adwcleaner_3.212 - Shortcut.lnk
2014-06-13 10:39 - 2014-06-14 01:02 - 00000000 ____D () C:\AdwCleaner
2014-06-13 10:34 - 2014-06-13 10:34 - 01333465 _____ () C:\Users\Koony\Downloads\adwcleaner_3.212.exe
2014-06-13 10:22 - 2014-06-16 13:28 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 10:21 - 2014-06-13 10:21 - 00162330 _____ () C:\Users\Koony\Desktop\OTL.Txt
2014-06-13 09:51 - 2014-06-13 09:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 09:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-13 09:51 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-13 09:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-13 09:46 - 2014-06-13 09:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koony\Downloads\RANDOM NAME.exe
2014-06-13 04:24 - 2014-06-13 04:24 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-13 01:55 - 2014-06-13 10:08 - 00162330 _____ () C:\Users\Koony\Downloads\OTL.Txt
2014-06-13 01:47 - 2014-06-13 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 01:21 - 2014-06-13 01:21 - 00602112 _____ (OldTimer Tools) C:\Users\Koony\Downloads\OTL.exe
2014-06-12 23:36 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-12 23:36 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-12 23:36 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-12 23:36 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-12 23:36 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-12 23:36 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-12 23:36 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-12 23:36 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-12 23:36 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-12 23:36 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-12 23:36 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-12 23:36 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-12 23:36 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-12 23:36 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-12 23:36 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-12 23:36 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-12 23:36 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-12 23:36 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-12 23:36 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-12 23:36 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-12 23:36 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-12 23:36 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-12 23:36 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-12 23:36 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-12 23:36 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-12 23:36 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-12 23:36 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-12 23:36 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-12 23:36 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-12 23:36 - 2014-05-09 23:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-12 23:36 - 2014-05-09 23:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-12 23:36 - 2014-05-08 19:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-12 23:36 - 2014-05-03 03:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-12 23:36 - 2014-05-03 00:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-12 23:36 - 2014-05-03 00:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-12 23:36 - 2014-05-02 23:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-12 23:36 - 2014-05-02 23:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-12 23:36 - 2014-04-30 07:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-12 23:36 - 2014-04-29 23:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-12 23:36 - 2014-04-03 03:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-12 23:36 - 2014-04-03 03:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-12 23:36 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-12 23:36 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-12 23:36 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-12 23:36 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-12 23:36 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-12 23:36 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-12 23:36 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-12 23:36 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-12 23:36 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-12 23:36 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-12 23:36 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-12 23:36 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-12 23:35 - 2014-05-05 00:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-12 23:35 - 2014-04-18 05:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-06-12 23:35 - 2014-04-18 04:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-06-12 23:35 - 2014-04-18 04:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-12 23:35 - 2014-04-18 04:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-12 23:35 - 2014-04-18 03:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-12 23:35 - 2014-04-18 03:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-12 23:35 - 2014-04-09 00:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-06-12 23:35 - 2014-04-06 12:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-12 23:35 - 2014-04-06 11:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-12 23:35 - 2014-04-06 10:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-06-12 23:35 - 2014-04-06 08:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-12 23:35 - 2014-04-06 07:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-12 23:35 - 2014-04-06 07:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-12 23:35 - 2014-04-06 06:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-12 23:35 - 2014-04-06 06:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-12 23:35 - 2014-04-06 06:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-12 23:35 - 2014-04-06 06:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-12 23:35 - 2014-04-06 06:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-12 23:35 - 2014-04-03 04:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-12 23:35 - 2014-04-02 23:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-12 23:35 - 2014-04-02 22:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-12 23:35 - 2014-04-02 22:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-12 23:35 - 2014-04-02 22:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-12 23:35 - 2014-04-02 22:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-06-12 23:35 - 2014-04-02 22:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-12 23:35 - 2014-03-31 01:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-12 23:35 - 2014-03-30 18:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-12 23:35 - 2014-03-28 11:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-12 23:35 - 2014-03-26 23:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-12 23:35 - 2014-03-24 18:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-12 23:35 - 2014-03-19 20:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-12 23:35 - 2014-03-19 19:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-12 23:35 - 2014-03-19 04:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-12 23:35 - 2014-03-19 00:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-12 23:35 - 2014-03-18 01:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-12 23:35 - 2014-03-18 00:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-12 23:35 - 2014-03-17 01:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-12 23:35 - 2014-03-17 00:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-12 23:35 - 2014-03-16 23:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-12 23:35 - 2014-03-16 22:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-12 23:35 - 2014-03-14 02:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-12 23:35 - 2014-03-14 02:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-12 23:35 - 2014-03-06 08:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-12 23:34 - 2014-05-19 02:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-12 23:34 - 2014-05-19 02:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-12 23:34 - 2014-05-19 01:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-12 23:34 - 2014-04-30 00:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-12 23:34 - 2014-04-30 00:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-12 23:34 - 2014-04-29 23:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-12 23:34 - 2014-04-18 10:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-12 23:34 - 2014-04-18 10:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-12 23:34 - 2014-04-18 09:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-12 23:34 - 2014-04-18 05:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-12 23:34 - 2014-04-18 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-12 23:34 - 2014-04-14 05:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-12 23:34 - 2014-04-14 04:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-12 23:34 - 2014-04-11 00:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-12 23:34 - 2014-04-11 00:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-12 23:34 - 2014-04-10 23:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-12 23:34 - 2014-04-09 07:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-12 23:34 - 2014-04-09 02:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-12 23:34 - 2014-04-09 01:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-12 23:34 - 2014-04-08 23:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-12 23:34 - 2014-04-07 22:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-12 23:34 - 2014-04-06 12:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-12 23:34 - 2014-04-06 12:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-12 23:34 - 2014-04-06 12:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-12 23:34 - 2014-04-06 12:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-12 23:34 - 2014-04-06 12:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-12 23:34 - 2014-04-06 12:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-12 23:34 - 2014-04-06 12:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-12 23:34 - 2014-04-06 11:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-12 23:34 - 2014-04-06 11:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-12 23:34 - 2014-04-06 08:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-12 23:34 - 2014-04-06 08:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-12 23:34 - 2014-04-06 08:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-12 23:34 - 2014-04-06 08:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-12 23:34 - 2014-04-06 07:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-12 23:34 - 2014-04-06 07:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-12 23:34 - 2014-04-06 07:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-12 23:34 - 2014-04-06 05:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-12 23:34 - 2014-04-03 04:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-12 23:34 - 2014-04-03 04:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-12 23:34 - 2014-04-03 00:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-12 23:34 - 2014-04-03 00:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-12 23:34 - 2014-04-02 22:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-12 23:34 - 2014-04-02 22:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-12 23:34 - 2014-04-01 02:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-12 23:34 - 2014-03-30 20:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-12 23:34 - 2014-03-30 20:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-12 23:34 - 2014-03-30 19:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-12 23:34 - 2014-03-30 18:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-12 23:34 - 2014-03-30 18:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-12 23:34 - 2014-03-30 18:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-12 23:34 - 2014-03-30 17:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-12 23:34 - 2014-03-27 02:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-12 23:34 - 2014-03-27 01:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-12 23:34 - 2014-03-27 00:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-12 23:34 - 2014-03-27 00:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-12 23:34 - 2014-03-27 00:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-12 23:34 - 2014-03-26 23:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-12 23:34 - 2014-03-26 23:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-12 23:34 - 2014-03-19 23:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-12 23:34 - 2014-03-19 04:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-12 23:34 - 2014-03-19 03:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-12 23:34 - 2014-03-19 03:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-12 23:34 - 2014-03-19 02:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-12 23:34 - 2014-03-19 01:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-12 23:34 - 2014-03-19 01:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-12 23:34 - 2014-03-19 01:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-12 23:34 - 2014-03-19 01:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-12 23:34 - 2014-03-19 01:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-12 23:34 - 2014-03-19 01:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-12 23:34 - 2014-03-19 00:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-12 23:34 - 2014-03-19 00:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-12 23:34 - 2014-03-18 04:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-12 23:34 - 2014-03-16 22:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-12 23:33 - 2014-05-01 09:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-12 23:33 - 2014-05-01 09:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-12 23:33 - 2014-05-01 03:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-12 23:33 - 2014-05-01 03:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-12 23:33 - 2014-05-01 02:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-12 23:33 - 2014-05-01 01:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-12 23:24 - 2014-06-16 17:52 - 00003354 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-12 23:24 - 2014-06-16 17:52 - 00003302 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-12 23:22 - 2014-06-17 10:46 - 01145086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-09 18:44 - 2014-06-09 18:46 - 00000000 ____D () C:\ProgramData\DAEMON Tools Pro
2014-06-07 17:10 - 2014-06-07 17:10 - 00000000 ____D () C:\Users\Koony\Desktop\Old Firefox Data
2014-06-01 09:42 - 2014-06-17 10:24 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\Koony\AppData\Local\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-01 09:40 - 2014-06-12 18:46 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\ARecEngine
2014-05-27 00:59 - 2014-05-27 01:01 - 00007605 _____ () C:\Users\Koony\AppData\Local\resmon.resmoncfg
2014-05-24 19:18 - 2014-05-25 09:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-05-24 19:18 - 2014-05-24 19:19 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00001133 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-24 19:09 - 2014-05-24 19:09 - 00000000 ____D () C:\Users\Koony\Documents\Adobe
2014-05-22 22:57 - 2014-05-22 22:57 - 00001076 _____ () C:\Users\Koony\Desktop\Notepad++.lnk
2014-05-22 22:57 - 2014-05-22 22:57 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Notepad++
2014-05-22 22:57 - 2014-05-22 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-22 22:57 - 2014-05-22 22:57 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-22 22:54 - 2014-05-22 22:55 - 07643919 _____ () C:\Users\Koony\Downloads\npp.6.6.3.Installer.exe
2014-05-21 21:15 - 2014-05-21 21:15 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-05-21 21:06 - 2014-05-21 21:06 - 00003516 _____ () C:\WINDOWS\System32\Tasks\[email protected]
2014-05-21 21:06 - 2014-05-21 21:06 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-05-21 20:56 - 2014-06-05 08:50 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-21 20:37 - 2014-05-21 20:37 - 00000000 ____D () C:\ProgramData\ALM
2014-05-21 20:28 - 2014-05-21 20:28 - 00000000 ____D () C:\Users\Koony\Adobe Flash Builder 4.6
2014-05-21 20:20 - 2014-06-12 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-05-21 20:20 - 2014-05-21 20:20 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-05-21 20:20 - 2014-05-21 20:20 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-05-21 20:20 - 2014-05-21 20:20 - 00002053 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-21 20:14 - 2014-05-21 20:14 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2014-05-21 20:13 - 2014-05-21 20:13 - 00000000 ____D () C:\Program Files (x86)\My Company Name
2014-05-21 20:13 - 2011-11-03 03:01 - 00056208 ____N (Rovi Corporation) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
2014-05-21 20:13 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdralw2k.sys
2014-05-21 20:13 - 2011-10-17 03:00 - 00010224 ____N (Sonic Solutions) C:\WINDOWS\system32\Drivers\cdr4_xp.sys
2014-05-21 20:08 - 2014-05-21 20:08 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-05-21 20:08 - 2014-05-21 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-05-21 20:08 - 2014-05-21 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-05-21 20:01 - 2014-05-21 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2014-05-21 20:01 - 2014-05-21 20:48 - 00000000 ____D () C:\Program Files\Adobe
2014-05-21 19:21 - 2014-05-21 19:50 - 00000000 ____D () C:\Users\Koony\Desktop\Adobe CS6 Master Collection
2014-05-21 19:17 - 2014-05-21 19:17 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-05-21 13:11 - 2014-05-21 13:27 - 2365586577 _____ () C:\Users\Koony\Downloads\MasterCollection_CS6_LS16.7z
2014-05-21 13:10 - 2014-05-21 13:10 - 01055720 _____ (Adobe Systems Incorporated) C:\Users\Koony\Downloads\MasterCollection_CS6_LS16.exe
2014-05-21 11:59 - 2014-05-21 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-21 11:51 - 2014-05-21 12:00 - 00000000 ____D () C:\Program Files (x86)\Photoshop CS6
2014-05-19 22:21 - 2014-05-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-19 22:19 - 2014-05-19 22:21 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-19 22:19 - 2014-05-19 22:19 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-19 21:02 - 2014-05-06 18:29 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-05-19 21:00 - 2014-05-06 18:29 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-05-19 21:00 - 2014-05-06 18:29 - 00176040 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-05-19 20:53 - 2014-05-06 18:29 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

2014-06-17 11:00 - 2014-06-17 11:00 - 00019355 _____ () C:\Users\Koony\Downloads\FRST.txt
2014-06-17 11:00 - 2014-06-17 10:59 - 00000000 ____D () C:\FRST
2014-06-17 11:00 - 2013-12-04 14:15 - 00000000 ____D () C:\Users\Koony\AppData\Local\Temp
2014-06-17 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-17 10:59 - 2014-06-17 10:58 - 00001474 _____ () C:\Users\Koony\Desktop\FRST64 - Shortcut.lnk
2014-06-17 10:58 - 2014-06-17 10:58 - 02081280 _____ (Farbar) C:\Users\Koony\Downloads\FRST64.exe
2014-06-17 10:46 - 2014-06-12 23:22 - 01145086 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 10:43 - 2013-06-15 23:03 - 00005000 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SHARONJONESHALL-Koony Sharonjoneshall
2014-06-17 10:36 - 2013-03-15 22:57 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-17 10:32 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-17 10:27 - 2014-05-12 13:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-17 10:27 - 2013-06-30 17:24 - 00000000 ____D () C:\Users\Koony\AppData\Local\Adobe
2014-06-17 10:24 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Skype
2014-06-17 10:23 - 2014-03-27 11:24 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-17 10:23 - 2013-10-06 19:32 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 10:23 - 2013-03-17 12:13 - 00000000 __RDO () C:\Users\Koony\SkyDrive
2014-06-17 10:21 - 2014-03-27 12:15 - 00000454 _____ () C:\WINDOWS\Tasks\Wise Care 365.job
2014-06-16 23:11 - 2013-10-06 19:32 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 17:52 - 2014-06-12 23:24 - 00003354 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-16 17:52 - 2014-06-12 23:24 - 00003302 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-16 17:52 - 2014-03-27 11:45 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Wise Care 365
2014-06-16 17:21 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-16 14:29 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-16 13:28 - 2014-06-13 10:22 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 17:15 - 2014-06-15 16:55 - 00000000 ____D () C:\Users\Koony\Desktop\Trey's Study Sheets
2014-06-14 22:39 - 2013-12-28 22:53 - 00003396 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-14 22:39 - 2013-12-28 22:53 - 00003376 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-14 22:39 - 2013-12-28 22:53 - 00003324 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-14 15:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-14 01:21 - 2014-06-14 01:21 - 00012161 _____ () C:\Users\Koony\Desktop\AdwCleaner[S0].txt
2014-06-14 01:14 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-14 01:11 - 2013-03-15 22:49 - 00000000 ___RD () C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 01:11 - 2013-03-15 22:49 - 00000000 ___RD () C:\Users\Koony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-14 01:09 - 2013-08-22 10:44 - 05098592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-14 01:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-14 01:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-06-14 01:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-14 01:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-06-14 01:02 - 2014-06-13 10:39 - 00000000 ____D () C:\AdwCleaner
2014-06-14 00:07 - 2014-06-14 00:07 - 00001259 _____ () C:\Users\Koony\Desktop\adwcleaner_3.212 - Shortcut.lnk
2014-06-14 00:07 - 2014-04-07 10:26 - 00169984 ___SH () C:\Users\Koony\Downloads\Thumbs.db
2014-06-14 00:07 - 2014-02-11 20:14 - 00316416 ___SH () C:\Users\Koony\Desktop\Thumbs.db
2014-06-13 11:31 - 2014-04-01 09:18 - 00000000 ____D () C:\Users\Koony\Desktop\AND
2014-06-13 10:34 - 2014-06-13 10:34 - 01333465 _____ () C:\Users\Koony\Downloads\adwcleaner_3.212.exe
2014-06-13 10:21 - 2014-06-13 10:21 - 00162330 _____ () C:\Users\Koony\Desktop\OTL.Txt
2014-06-13 10:08 - 2014-06-13 01:55 - 00162330 _____ () C:\Users\Koony\Downloads\OTL.Txt
2014-06-13 09:51 - 2014-06-13 09:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 09:47 - 2014-06-13 09:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koony\Downloads\RANDOM NAME.exe
2014-06-13 04:31 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-13 04:24 - 2014-06-13 04:24 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-13 03:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-06-13 01:47 - 2014-06-13 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 01:21 - 2014-06-13 01:21 - 00602112 _____ (OldTimer Tools) C:\Users\Koony\Downloads\OTL.exe
2014-06-12 23:15 - 2014-02-23 23:10 - 00000000 ____D () C:\Users\Koony\AppData\Local\CrashDumps
2014-06-12 19:46 - 2013-12-04 14:15 - 00000000 ____D () C:\Users\Koony
2014-06-12 19:20 - 2014-03-27 11:25 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-12 19:20 - 2014-03-27 11:25 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-12 19:15 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-06-12 19:14 - 2014-05-10 01:44 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\uTorrent
2014-06-12 19:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-06-12 19:13 - 2014-05-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-06-12 19:13 - 2014-03-27 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-12 19:13 - 2013-10-27 12:51 - 00000000 ____D () C:\Program Files (x86)\Charter Security Suite
2014-06-12 19:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-12 19:13 - 2013-03-15 22:48 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-06-12 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-06-12 18:46 - 2014-06-01 09:40 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\ARecEngine
2014-06-12 18:46 - 2013-03-15 22:48 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Adobe
2014-06-12 18:43 - 2013-10-06 19:27 - 00000000 ____D () C:\ProgramData\Real
2014-06-12 18:42 - 2013-03-25 11:46 - 00000000 __RHD () C:\MSOCache
2014-06-12 17:07 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-12 16:35 - 2013-08-16 15:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-09 18:46 - 2014-06-09 18:44 - 00000000 ____D () C:\ProgramData\DAEMON Tools Pro
2014-06-07 17:10 - 2014-06-07 17:10 - 00000000 ____D () C:\Users\Koony\Desktop\Old Firefox Data
2014-06-05 08:50 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-01 09:42 - 2014-06-01 09:42 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\Koony\AppData\Local\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-31 21:24 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(271)
2014-05-31 12:29 - 2013-03-15 22:46 - 00000000 ____D () C:\Users\Koony\AppData\Local\Packages
2014-05-31 01:13 - 2014-05-01 12:24 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 01:13 - 2014-05-01 12:24 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 06:21 - 2014-06-12 23:36 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-30 05:45 - 2014-06-12 23:36 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-05-30 05:28 - 2014-06-12 23:36 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-05-30 05:20 - 2014-06-12 23:36 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-12 23:36 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-30 05:08 - 2014-06-12 23:36 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-12 23:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-05-30 04:46 - 2014-06-12 23:36 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-12 23:36 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-12 23:36 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-05-30 04:38 - 2014-06-12 23:36 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-12 23:36 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-05-30 04:29 - 2014-06-12 23:36 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-05-30 04:27 - 2014-06-12 23:36 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-05-30 04:23 - 2014-06-12 23:36 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-12 23:36 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-05-30 04:04 - 2014-06-12 23:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-12 23:36 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-12 23:36 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-12 23:36 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-05-30 03:54 - 2014-06-12 23:36 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-05-30 03:49 - 2014-06-12 23:36 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-12 23:36 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-12 23:36 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-12 23:36 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-12 23:36 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-12 23:36 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-12 23:36 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-12 23:36 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-05-29 17:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-29 17:00 - 2014-03-27 12:15 - 00000434 _____ () C:\WINDOWS\Tasks\Wise Turbo Checker.job
2014-05-27 01:07 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-05-27 01:01 - 2014-05-27 00:59 - 00007605 _____ () C:\Users\Koony\AppData\Local\resmon.resmoncfg
2014-05-27 00:53 - 2013-10-25 19:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-25 09:19 - 2014-05-24 19:18 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-05-25 05:39 - 2013-03-17 12:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-24 19:19 - 2014-05-24 19:18 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00001133 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-24 19:09 - 2014-05-24 19:09 - 00000000 ____D () C:\Users\Koony\Documents\Adobe
2014-05-22 22:57 - 2014-05-22 22:57 - 00001076 _____ () C:\Users\Koony\Desktop\Notepad++.lnk
2014-05-22 22:57 - 2014-05-22 22:57 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Notepad++
2014-05-22 22:57 - 2014-05-22 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-05-22 22:57 - 2014-05-22 22:57 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-05-22 22:55 - 2014-05-22 22:54 - 07643919 _____ () C:\Users\Koony\Downloads\npp.6.6.3.Installer.exe
2014-05-22 06:15 - 2013-06-30 17:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-21 21:15 - 2014-05-21 21:15 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-05-21 21:06 - 2014-05-21 21:06 - 00003516 _____ () C:\WINDOWS\System32\Tasks\[email protected]
2014-05-21 21:06 - 2014-05-21 21:06 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-05-21 20:52 - 2014-05-21 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2014-05-21 20:48 - 2014-05-21 20:01 - 00000000 ____D () C:\Program Files\Adobe
2014-05-21 20:48 - 2014-05-21 11:59 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-21 20:47 - 2013-06-30 17:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-21 20:37 - 2014-05-21 20:37 - 00000000 ____D () C:\ProgramData\ALM
2014-05-21 20:28 - 2014-05-21 20:28 - 00000000 ____D () C:\Users\Koony\Adobe Flash Builder 4.6
2014-05-21 20:20 - 2014-05-21 20:20 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-05-21 20:20 - 2014-05-21 20:20 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-05-21 20:20 - 2014-05-21 20:20 - 00002053 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-21 20:14 - 2014-05-21 20:14 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2014-05-21 20:13 - 2014-05-21 20:13 - 00000000 ____D () C:\Program Files (x86)\My Company Name
2014-05-21 20:08 - 2014-05-21 20:08 - 00001020 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-05-21 20:08 - 2014-05-21 20:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-05-21 20:08 - 2014-05-21 20:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-05-21 19:50 - 2014-05-21 19:21 - 00000000 ____D () C:\Users\Koony\Desktop\Adobe CS6 Master Collection
2014-05-21 19:17 - 2014-05-21 19:17 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-05-21 13:27 - 2014-05-21 13:11 - 2365586577 _____ () C:\Users\Koony\Downloads\MasterCollection_CS6_LS16.7z
2014-05-21 13:10 - 2014-05-21 13:10 - 01055720 _____ (Adobe Systems Incorporated) C:\Users\Koony\Downloads\MasterCollection_CS6_LS16.exe
2014-05-21 12:00 - 2014-05-21 11:51 - 00000000 ____D () C:\Program Files (x86)\Photoshop CS6
2014-05-21 11:59 - 2013-10-06 19:31 - 00000000 ____D () C:\ProgramData\Google
2014-05-21 11:59 - 2013-06-30 17:25 - 00000000 ____D () C:\Users\Koony\AppData\Local\Google
2014-05-19 22:46 - 2014-05-16 12:52 - 00000286 _____ () C:\Users\Koony\Desktop\index.html
2014-05-19 22:21 - 2014-05-19 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-19 22:21 - 2014-05-19 22:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-19 22:19 - 2014-05-19 22:19 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-19 02:31 - 2014-06-12 23:34 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-19 02:21 - 2014-06-12 23:34 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-19 01:23 - 2014-06-12 23:34 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-19 00:06 - 2013-10-06 19:28 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Real

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-16 17:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2014
Ran by Koony at 2014-06-17 11:02:31
Running from C:\Users\Koony\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
100% Hidden Objects (x32 Version: 3.0.2.51 - WildTangent) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Charter Security Suite (HKLM-x32\...\F-Secure ServiceEnabler 42626) (Version: 1.83.311.0 - F-Secure Corporation)
Charter Security Suite (x32 Version: 1.83.311.0 - F-Secure Corporation) Hidden
Chinese Dragon (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Easter Eggztravaganza 2 (x32 Version: 3.0.2.48 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Game Channels (x32 Version: 7.1.0.17 - WildTangent, Inc.) Hidden
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hidden Relics (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp (x32 Version: 12.0.0016 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recipe Hub Internet Explorer Toolbar (HKLM-x32\...\RecipeHub_2jbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Wise Care 365 2.95 (HKLM-x32\...\Wise Care 365_is1) (Version: 2.95 - WiseCleaner.com, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version: - PopCap Games)

==================== Restore Points =========================

13-06-2014 07:53:51 Windows Modules Installer

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {079E9C3D-B20E-492B-B221-5E956DBBA445} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1077101162-4101747896-2045992607-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {119BC8ED-BE8D-4827-8E9B-07FA207154AA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {12DC067F-36B3-400A-B63B-03EB237DEECC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {29624FC6-394A-41D8-B717-AB078C1A6568} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31477871-FA09-4AD3-BC66-86249380AB61} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {33ACCD6D-4F36-496B-B144-6B1CB04AB7DB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-14] (AVAST Software)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43731F27-6771-482F-9F62-9EA96C137D85} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {464CEE57-9C87-4343-9B03-F329D6D64094} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {47B59DC3-5B90-45CB-9CC1-973C41C60205} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F5D8B63-3F16-4010-9547-54F3F7AFCFE2} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {58AD2026-F8E3-44B6-A30D-8A872848E8D4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {59ED0ADD-34E5-45EF-9F8B-648106DF9F69} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {657A72A1-060A-4CD8-BF22-C05CEDDA0662} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {69DFF248-259C-4D37-97F6-B63C1DA71F59} - System32\Tasks\Test TimeTrigger => C:\Users\Koony\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {71922917-A4AF-47F0-86E8-36E5AB4F0E28} - \LaunchApp No Task File <==== ATTENTION
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {746C9A25-5A35-4C5F-886A-FBF0677578BF} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C87C3D1-CE1D-4A72-9803-FC475A6D9250} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AF89F5B-A724-46C9-8745-F0543139342C} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E6E97C2-1786-4501-9BA4-34CA083EAF8A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {92200CD7-4925-44BE-A2F2-2AE3D4602DF6} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A040473A-F787-4B4F-94B3-8F66043722EC} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A8ECCD8F-213C-4798-8216-E4B9E062A1C4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SHARONJONESHALL-Koony Sharonjoneshall => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-13] (Microsoft Corporation)
Task: {A9504797-E88B-4D0D-AE1F-76B4FABA1EDA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-13] (Microsoft Corporation)
Task: {BD94E6FF-C04A-4385-B949-3AEF87F1C395} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {BEBE69D1-9A43-4AA1-901C-AE7BAE824266} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D993BAA8-E3A9-4D5E-BE93-B37FC50DDB5B} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBED2083-CB46-4959-8699-1F010E79ED6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {DE6D017A-379E-48DA-995E-A209FEAA6314} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {E3AAAFC7-7187-49C2-82FD-87C6914CE0B0} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2013-12-09] (WiseCleaner.com)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC852B3A-E09D-4657-BCE7-C53333B94657} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {FC39081F-C5D2-4124-8539-6F41EF0DD9BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {FE7D5125-4CF7-48B7-9C6C-A5705BFA23B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2014-03-27 17:19 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-17 12:05 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-05-13 21:04 - 2014-05-13 21:04 - 08889512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-07-20 02:01 - 2012-07-20 02:01 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-16 13:50 - 2014-06-16 13:50 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061600\algo.dll
2014-06-16 17:22 - 2014-06-16 17:22 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061601\algo.dll
2014-06-17 10:24 - 2014-06-17 10:24 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061700\algo.dll
2014-05-02 15:24 - 2014-05-02 15:24 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-03-27 11:23 - 2014-03-27 11:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-04 14:24 - 2013-12-04 14:24 - 00593464 _____ () C:\WINDOWS\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2014-04-10 18:25 - 2014-04-10 18:25 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-05-12 11:40 - 2014-05-06 22:27 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-02 09:42 - 2014-05-02 09:42 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
2014-05-02 09:42 - 2014-05-02 09:42 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00122880 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\d844f788b32033689d5afca27bb255a6\Arkadium.ApplicationFramework.ni.dll
2014-06-14 02:36 - 2014-06-14 02:36 - 01717760 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\3ceb21a5d6a35f64f318dee8b667a9ad\Arkadium.DailyChallengeModule.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00152064 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\94119bff3cfaa9a57ec27e09b3e6ca5b\Arkadium.AchievementsModule.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00249344 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\e7a9e0b77f831f5a0cc42115ceabf2a2\Arkadium.AwardsModule.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00310272 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\f7e5a15c9981431fd2f771b9481f83e0\Arkadium.LeaderboardModule.ni.dll
2014-06-14 02:35 - 2014-06-14 02:35 - 00596992 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\62aa74869419c4ed6d4e799d8feca938\Arkadium.Advertisement.ni.dll
2014-06-14 02:36 - 2014-06-14 02:36 - 00297984 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\52f0f29413f74d25394eadc236fce1c7\Arkadium.WindowsStoreModule.ni.dll
2014-05-02 09:40 - 2014-05-02 09:40 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
2014-05-02 09:48 - 2014-05-02 09:48 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
2014-05-02 09:40 - 2014-05-02 09:40 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
2014-05-02 09:40 - 2014-05-02 09:40 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00122880 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\fc79342af60c7741b6569a2d61d90a1a\Arkadium.Xaml.Toolkit.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00258560 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\6aeb49424ffba822ec5d785ad67a7f28\Arkadium.CdnModule.ni.dll
2014-05-28 05:10 - 2014-05-28 05:10 - 00483840 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-05-02 09:42 - 2014-05-02 09:42 - 00770560 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
2014-05-28 05:10 - 2014-05-28 05:10 - 00227328 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
2014-05-28 05:11 - 2014-05-28 05:11 - 00041984 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll
2014-05-02 09:47 - 2014-05-02 09:47 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-05-02 09:48 - 2014-05-02 09:48 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Koony\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2014 11:30:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 11:23:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 10:30:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 10:21:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 08:25:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 06:13:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 06:01:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 05:37:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 02:05:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2014 01:19:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (06/17/2014 10:24:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/16/2014 05:23:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error:
%%1008

Error: (06/16/2014 05:22:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/16/2014 05:21:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/16/2014 05:21:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/16/2014 05:21:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/16/2014 01:50:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/16/2014 10:38:43 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/15/2014 07:04:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/15/2014 06:06:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office Sessions:
=========================
Error: (06/16/2014 11:30:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 11:23:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 10:30:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 10:21:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 08:25:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 06:13:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 06:01:39 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 05:37:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 02:05:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/16/2014 01:19:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

CodeIntegrity Errors:
===================================
Date: 2014-02-10 19:37:31.620
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-10 19:37:31.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-10 19:37:28.104
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-10 19:37:27.948
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-06 19:30:27.009
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-06 19:30:26.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-06 19:30:22.650
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-05 07:15:14.858
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-05 07:15:14.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-05 07:15:12.625
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3794.98 MB
Available physical RAM: 2183.55 MB
Total Pagefile: 4649.99 MB
Available Pagefile: 2518.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:441.61 GB) (Free:344.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9093115C)

Partition: GPT Partition Type.

==================== End Of Log ============================

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-17 12:09:10
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000025 ST500DM002-1BD142 rev.KC45 465.76GB
Running: k157jde3.exe; Driver: C:\Users\Koony\AppData\Local\Temp\pfpyaaod.sys

---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 1                                                                                                                 fffff960001c5201 7 bytes [20, 0A, 02, 00, F0, 70, 01]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 9                                                                                                                 fffff960001c5209 6 bytes [88, B0, FF, 01, 23, DC]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\wininit.exe[604] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                          00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\winlogon.exe[660] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\lsass.exe[700] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                            00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[780] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                          00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[828] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                          00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\dwm.exe[928] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                              00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\atiesrxx.exe[992] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\atiesrxx.exe[992] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                        00007ff83e0b169a 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[992] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                        00007ff83e0b16a2 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[992] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                           00007ff83e0b181a 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[992] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                           00007ff83e0b1832 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\System32\svchost.exe[68] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                           00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                          00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[520] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                          00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\atieclxx.exe[704] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\atieclxx.exe[704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                        00007ff83e0b169a 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                        00007ff83e0b16a2 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                           00007ff83e0b181a 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                           00007ff83e0b1832 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\System32\svchost.exe[792] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                          00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[1112] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\System32\spoolsv.exe[1356] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[1384] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1560] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                         00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1584] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                     00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1584] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                    00007ff83e0b169a 4 bytes [0B, 3E, F8, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1584] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                    00007ff83e0b16a2 4 bytes [0B, 3E, F8, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1584] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                       00007ff83e0b181a 4 bytes [0B, 3E, F8, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1584] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                       00007ff83e0b1832 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\dashost.exe[1676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[1436] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[2376] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\svchost.exe[2456] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\taskeng.exe[2940] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\taskhostex.exe[2948] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                      00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\Explorer.EXE[1820] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                 00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\SearchIndexer.exe[3972] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                   00007ff83e1a553d 1 byte [62]
.text    C:\Windows\System32\skydrive.exe[3536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                        00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3984] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                         00007ff83e1a553d 1 byte [62]
.text    C:\WINDOWS\system32\taskeng.exe[4240] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe[4724] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                         00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe[4724] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                        00007ff83e0b169a 4 bytes [0B, 3E, F8, 7F]
.text    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe[4724] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                        00007ff83e0b16a2 4 bytes [0B, 3E, F8, 7F]
.text    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe[4724] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                           00007ff83e0b181a 4 bytes [0B, 3E, F8, 7F]
.text    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe[4724] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                           00007ff83e0b1832 4 bytes [0B, 3E, F8, 7F]
.text    C:\WINDOWS\system32\AUDIODG.EXE[2740] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                         00007ff83e1a553d 1 byte [62]
.text    C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[4968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                 00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                      00007ff83e1a553d 1 byte [62]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                           00007ff829f41f6a 4 bytes [F4, 29, F8, 7F]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[5088] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                           00007ff829f41f82 4 bytes [F4, 29, F8, 7F]
.text    C:\Windows\System32\SettingSyncHost.exe[4388] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                 00007ff83e1a553d 1 byte [62]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [596:628]                                                                                                                             fffff96000847b90
Thread   C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4280:4344]                                                                                          000000006df8f687
Thread   C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4280:1740]                                                                                          000000006df8f687
Thread   C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4280:2744]                                                                                          000000006df8f687
---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4280] 0000000065070000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                               unknown MBR code

---- EOF - GMER 2.1 ----

I was finally able to successfully run GMER after receiving several error boxes as well as the "blue screen of death". I was not able to run GMER as admin because I kept receiving error boxes stating "C:\WINDOWS\System32\config\system: Process cannot access the file because it is being used by another process" then the message "k157jde3.exe program stopped"

After scan was complete I received the error messages:

C:\WINDOWS\system32\config\system: Process cannot access the file because it is being used by another process

C:\USERS\koony\ntuser.dat: Process cannot access the file because it is being used by another process

#5
Naathim

Posted 18 June 2014 - 06:52 AM

GeekU Minion

Expert
4,568 posts

Hi

First a couple of advice, next a little fix and a scan, later some questions for you

I've spotted signs of a P2P program installed on your machine.
uTorrent

Be warned:

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I'm rather sure that if you'll continue using P2P, you'll be often visiting our Malware Removal Forum.
I strongly recommend full uninstallation of any P2P apps (if so, please do it from the Control Panel > Add/Remove Programs), but if you want to leave them on your OS (cause this is optional), at least please refrain from using it until we finish our work with cleaning your computer now.

My friendly advice: at least, when downloading any files from P2P network, scan them at Jotti or VirScan.

Registry Cleaner/Optimizer advice and warning!

Looks like there's this kind of software installed on your machine (WiseCleaner). I really doubt it will speed up your machine's performance, but it will surely increase the risk to damage it. Without even the basic Registry knowledge, this type of application may bring more harm than good. There were cases when such software left PC's unstable and unbootable. Below you can find Microsoft statement and some wise people talking about Registry Cleaners and this kind of Windows tweaking:
Microsoft policy for the use of registry cleaners
Mike Russinovich (Microsoft)
Miekiemoes (Malwarebytes)
Macboatmaster (G2G)
In your own interest should be staying away from this kind of applications. My best advice is that they should be removed/uninstalled.

I see that you're running more than one antivirus program at the same time.

avast! Free Antivirus
Charter Security Suite (F-Secure)

This is a bad idea.

Using more than one AV will not give you any better protection, but may cause interferences between them, slow your machine or even completely block your OS. You should choose only one to stay, and remove any others. Think carefully and stay with only one AV.
It should be done before any other steps in malware removing will be taken.

In your next reply I'd like to know which one will stay and which one will go.
You may remove it from the Control Panel (Start > Control Panel > Uninstall a program or Programs and Features if in Classic View) and in my next post I will provide also the tool that will take care of the uninstalled AV's remnants.

= = = = = = = = = = = = = = = = = = = =

We'll run a fix using Farbar Recovery Scan Tool.

Download attached fixlist.txt file and save it to the Desktop.
fixlist.txt 853bytes 148 downloads
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

WARNING

This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system!

Right click on the to Run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

= = = = = = = = = = = = = = = = = = = =

Download aswMBR by avast! and save it to your desktop.

Simply double-click the icon to run it. It will ask for administrator privileges.
Once prompted to download the database, click No.
Choose None for the AV Scan option.
Press Scan.
Once done, click Save Log and choose your desktop.
Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

= = = = = = = = = = = = = = = = = = = =

Questions:
There is missing Hosts file, which was renamed to hosts.txt in its appropriate location. Is it your own tweak?

Please also try to find and post a report from avast!, showing what was removed previously.

= = = = = = = = = = = = = = = = = = = =

Now in your next reply please include these ones for my review:
fixlog.txt

aswMBR report
avast report
answers to my questions about the antivirus and the hosts file

I don't mind multiple posts if necessary.

Cheers,
Naat

#6
kikiera

Posted 18 June 2014 - 02:11 PM

Member

Topic Starter
Member
66 posts

I really like how thorough you are. I was not aware that the hosts file had been renamed. The renaming is not of my own doing. The Charter Security Suite (F-Secure) and Utorrent have both been uninstalled. I have a teenage cousin who comes to use my PC from time to time so let's just say I found out where that came from. Fixlog.txt and aswMBR report are listed below.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014
Ran by Koony at 2014-06-18 11:07:11 Run:1
Running from C:\Users\Koony\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {33D0B8F7-D807-446F-B347-B2744D89F8F7} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No File
BHO-x32: No Name - {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Task: {69DFF248-259C-4D37-97F6-B63C1DA71F59} - System32\Tasks\Test TimeTrigger => C:\Users\Koony\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {71922917-A4AF-47F0-86E8-36E5AB4F0E28} - \LaunchApp No Task File <==== ATTENTION
Task: {92200CD7-4925-44BE-A2F2-2AE3D4602DF6} - \BackgroundContainer Startup Task No Task File <==== ATTENTION

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33D0B8F7-D807-446F-B347-B2744D89F8F7}' => Key deleted successfully.
'HKCR\CLSID\{33D0B8F7-D807-446F-B347-B2744D89F8F7}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}' => Key deleted successfully.
'HKCR\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
'HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69DFF248-259C-4D37-97F6-B63C1DA71F59}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DFF248-259C-4D37-97F6-B63C1DA71F59}' => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71922917-A4AF-47F0-86E8-36E5AB4F0E28}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71922917-A4AF-47F0-86E8-36E5AB4F0E28}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92200CD7-4925-44BE-A2F2-2AE3D4602DF6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92200CD7-4925-44BE-A2F2-2AE3D4602DF6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task' => Key deleted successfully.

==== End of Fixlog ====

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-18 11:08:09
-----------------------------
11:08:09.537    OS Version: Windows x64 6.2.9200
11:08:09.537    Number of processors: 2 586 0x200
11:08:09.537    ComputerName: SHARONJONESHALL UserName: Koony
11:08:10.944    Initialize success
11:08:10.944    VM: initialized successfully
11:08:10.959    VM: outdated driver version !
11:08:14.694    AVAST engine defs: 14061800
11:08:42.680    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000025
11:08:42.696    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
11:08:42.790    Disk 0 MBR read successfully
11:08:42.805    Disk 0 MBR scan
11:08:42.805    Disk 0 unknown MBR code
11:08:42.821    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
11:08:42.852    Disk 0 scanning C:\WINDOWS\system32\drivers
11:08:55.884    Service scanning
11:09:25.901    Modules scanning
11:09:25.932    Disk 0 trace - called modules:
11:09:25.948    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
11:09:25.979    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00017372330]
11:09:25.979    3 CLASSPNP.SYS[fffff80134c6027b] -> nt!IofCallDriver -> \Device\00000025[0xffffe0001637f6d0]
11:09:25.995    Scan finished successfully
11:09:42.622    Disk 0 MBR has been saved successfully to "C:\Users\Koony\Desktop\MBR.dat"
11:09:42.640    The log file has been saved successfully to "C:\Users\Koony\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-18 11:20:10
-----------------------------
11:20:10.925    OS Version: Windows x64 6.2.9200
11:20:10.925    Number of processors: 2 586 0x200
11:20:10.940    ComputerName: SHARONJONESHALL UserName: Koony
11:20:13.175    Initialize success
11:20:13.175    VM: initialized successfully
11:20:13.175    VM: outdated driver version !
11:20:16.894    AVAST engine defs: 14061800
11:21:02.489    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000025
11:21:02.489    Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
11:21:02.630    Disk 0 MBR read successfully
11:21:02.646    Disk 0 MBR scan
11:21:02.646    Disk 0 unknown MBR code
11:21:02.661    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
11:21:02.724    Disk 0 scanning C:\WINDOWS\system32\drivers
11:21:16.865    Service scanning
11:21:45.975    Modules scanning
11:21:46.006    Disk 0 trace - called modules:
11:21:46.022    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll
11:21:46.038    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00017372330]
11:21:46.053    3 CLASSPNP.SYS[fffff80134c6027b] -> nt!IofCallDriver -> \Device\00000025[0xffffe0001637f6d0]
11:21:46.069    Scan finished successfully
11:54:20.764    Disk 0 MBR has been saved successfully to "C:\Users\Koony\Desktop\MBR.dat"
11:54:20.779    The log file has been saved successfully to "C:\Users\Koony\Desktop\aswMBR.txt"

#7
kikiera

Posted 18 June 2014 - 06:37 PM

Member

Topic Starter
Member
66 posts

I have attempted several times to post screenshots of the Quarantine (virus chest) as well as the last scan results. I can view these things but when I attempted to post screenshots of them in the forum I was given an error msg to the effect of "cannot be posted here".

#8
Naathim

Posted 18 June 2014 - 06:46 PM

GeekU Minion

Expert
4,568 posts

You may always upload them to some external service and post me the links (like imageshack or anyone else similar to it). Or share it with a dropbox account or a site like mediafire.

It's 3 AM here, I'm signing off for tonight. Will get back to you tomorrow, after analyzing the provided data.

Regards from Poland,
Naat

#9
Naathim

Posted 19 June 2014 - 06:48 AM

GeekU Minion

Expert
4,568 posts

Hi again

A fix and a scan later on, please remember to post the screenshots from avast.
And believe me, you don't want me not to check every line of your logs

We'll run a fix using Farbar Recovery Scan Tool.

Download attached fixlist.txt file and save it to the Desktop.
fixlist.txt 107bytes 133 downloads
VERY IMPORTANT:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

WARNING

This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system!

Right click on the to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Performing general FRST scan

Please re-run Farbar Recovery Scan Tool

Right click on to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
When the tool opens click Yes to disclaimer.
You will be presented with a window like below:

Make sure that the Addition box is checked.
Press Scan button.
It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
Please copy and paste them back here.

Cheers,
Naat

#10
Naathim

Posted 22 June 2014 - 10:39 AM

GeekU Minion

Expert
4,568 posts

Are you still around?

#11
Essexboy

Posted 23 June 2014 - 08:45 AM

GeekU Moderator

Retired Staff
69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12
Naathim

Posted 24 June 2014 - 06:53 AM

GeekU Minion

Expert
4,568 posts

User returned.

#13
kikiera

Posted 24 June 2014 - 05:09 PM

Member

Topic Starter
Member
66 posts

Thank you fo r re-opening this topic . The requested logs are below as well as the Avast scans requested.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Koony (administrator) on SHARONJONESHALL on 23-06-2014 19:47:10
Running from C:\Users\Koony\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_2.1.1405.2329_x86__8wekyb3d8bbwe\Taptiles.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-07-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-06-12] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-05-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\S-1-5-21-1077101162-4101747896-2045992607-1002\...\Run: [SkyDrive] => C:\Users\Koony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-15] (Microsoft Corporation)
HKU\S-1-5-21-1077101162-4101747896-2045992607-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - {33D0B8F7-D807-446F-B347-B2744D89F8F7} URL = http://www.bing.com/...E10TR&pc=MAGWJS
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 66.189.0.100 24.159.64.23

FireFox:
========
FF ProfilePath: C:\Users\Koony\AppData\Roaming\Mozilla\Firefox\Profiles\20ocsh76.default
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Koony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-21]

Chrome:
=======
CHR HomePage: https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: "hxxp://www.msn.com/"
CHR Extension: (Google Docs) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-30]
CHR Extension: (Google Drive) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-30]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-03-31]
CHR Extension: (Google Search) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-30]
CHR Extension: (avast! Online Security) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-27]
CHR Extension: (RealPlayer Downloader) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]
CHR Extension: (Gmail) - C:\Users\Koony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-14] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-03] (WildTangent)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-02] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-14] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-11] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-11] (Symantec Corporation) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Users\Koony\Desktop\FRST-OlderVersion
2014-06-20 22:44 - 2014-06-20 22:44 - 00015642 _____ () C:\Users\Koony\Desktop\aswBoot.txt
2014-06-18 11:54 - 2014-06-18 11:54 - 00000512 _____ () C:\Users\Koony\Desktop\MBR.dat
2014-06-18 11:09 - 2014-06-18 11:54 - 00003034 _____ () C:\Users\Koony\Desktop\aswMBR.txt
2014-06-18 10:41 - 2014-06-18 10:42 - 05185536 _____ (AVAST Software) C:\Users\Koony\Desktop\aswMBR.exe
2014-06-17 23:55 - 2014-06-17 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 12:15 - 2014-06-17 12:15 - 00012869 _____ () C:\Users\Koony\Desktop\gmer.log
2014-06-17 11:55 - 2014-06-23 19:40 - 01089725 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-17 11:55 - 2014-06-17 11:55 - 00279360 _____ () C:\WINDOWS\Minidump\061714-23984-01.dmp
2014-06-17 11:55 - 2014-06-17 11:55 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-17 11:54 - 2014-06-19 12:11 - 00001454 _____ () C:\WINDOWS\PFRO.log
2014-06-17 11:54 - 2014-06-17 11:54 - 587612795 _____ () C:\WINDOWS\MEMORY.DMP
2014-06-17 11:06 - 2014-06-17 11:20 - 00001494 _____ () C:\Users\Koony\Desktop\k157jde3 - Shortcut.lnk
2014-06-17 11:06 - 2014-06-17 11:06 - 00380416 _____ () C:\Users\Koony\Downloads\k157jde3.exe
2014-06-17 11:02 - 2014-06-17 11:03 - 00044448 _____ () C:\Users\Koony\Desktop\Addition.txt
2014-06-17 11:00 - 2014-06-23 19:47 - 00018492 _____ () C:\Users\Koony\Desktop\FRST.txt
2014-06-17 10:59 - 2014-06-23 19:47 - 00000000 ____D () C:\FRST
2014-06-17 10:58 - 2014-06-23 19:35 - 02082816 _____ (Farbar) C:\Users\Koony\Desktop\FRST64.exe
2014-06-15 16:55 - 2014-06-20 23:27 - 00000000 ____D () C:\Users\Koony\Desktop\Trey's Study Sheets
2014-06-14 01:21 - 2014-06-14 01:21 - 00012161 _____ () C:\Users\Koony\Desktop\AdwCleaner[S0].txt
2014-06-14 00:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-14 00:07 - 2014-06-14 00:07 - 00001259 _____ () C:\Users\Koony\Desktop\adwcleaner_3.212 - Shortcut.lnk
2014-06-13 10:39 - 2014-06-14 01:02 - 00000000 ____D () C:\AdwCleaner
2014-06-13 10:34 - 2014-06-13 10:34 - 01333465 _____ () C:\Users\Koony\Downloads\adwcleaner_3.212.exe
2014-06-13 10:22 - 2014-06-16 13:28 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 10:21 - 2014-06-13 10:21 - 00162330 _____ () C:\Users\Koony\Desktop\OTL.Txt
2014-06-13 09:51 - 2014-06-13 09:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 09:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-13 09:51 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-13 09:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-13 09:46 - 2014-06-13 09:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koony\Downloads\RANDOM NAME.exe
2014-06-13 04:24 - 2014-06-13 04:24 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-13 01:55 - 2014-06-13 10:08 - 00162330 _____ () C:\Users\Koony\Downloads\OTL.Txt
2014-06-13 01:47 - 2014-06-13 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 01:21 - 2014-06-13 01:21 - 00602112 _____ (OldTimer Tools) C:\Users\Koony\Downloads\OTL.exe
2014-06-12 23:36 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-12 23:36 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-12 23:36 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-12 23:36 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-12 23:36 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-12 23:36 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-12 23:36 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-12 23:36 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-12 23:36 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-12 23:36 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-12 23:36 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-12 23:36 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-12 23:36 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-12 23:36 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-12 23:36 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-12 23:36 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-12 23:36 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-12 23:36 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-12 23:36 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-12 23:36 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-12 23:36 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-12 23:36 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-12 23:36 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-12 23:36 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-12 23:36 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-12 23:36 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-12 23:36 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-12 23:36 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-12 23:36 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-12 23:36 - 2014-05-09 23:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-12 23:36 - 2014-05-09 23:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-12 23:36 - 2014-05-08 19:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-12 23:36 - 2014-05-03 03:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-12 23:36 - 2014-05-03 00:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-12 23:36 - 2014-05-03 00:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-12 23:36 - 2014-05-02 23:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-12 23:36 - 2014-05-02 23:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-12 23:36 - 2014-04-30 07:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-12 23:36 - 2014-04-29 23:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-12 23:36 - 2014-04-03 03:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-12 23:36 - 2014-04-03 03:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-12 23:36 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-12 23:36 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-12 23:36 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-12 23:36 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-12 23:36 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-12 23:36 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-12 23:36 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-12 23:36 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-12 23:36 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-12 23:36 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-12 23:36 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-12 23:36 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-12 23:35 - 2014-05-05 00:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-12 23:35 - 2014-04-18 05:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-06-12 23:35 - 2014-04-18 04:58 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-06-12 23:35 - 2014-04-18 04:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-06-12 23:35 - 2014-04-18 04:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-06-12 23:35 - 2014-04-18 03:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-06-12 23:35 - 2014-04-18 03:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-06-12 23:35 - 2014-04-09 00:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-06-12 23:35 - 2014-04-06 12:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-06-12 23:35 - 2014-04-06 12:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-06-12 23:35 - 2014-04-06 11:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-06-12 23:35 - 2014-04-06 11:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-06-12 23:35 - 2014-04-06 10:10 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-06-12 23:35 - 2014-04-06 08:33 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-06-12 23:35 - 2014-04-06 07:55 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-06-12 23:35 - 2014-04-06 07:54 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-06-12 23:35 - 2014-04-06 06:52 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-06-12 23:35 - 2014-04-06 06:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-06-12 23:35 - 2014-04-06 06:37 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-06-12 23:35 - 2014-04-06 06:36 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-06-12 23:35 - 2014-04-06 06:05 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-06-12 23:35 - 2014-04-03 04:12 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-06-12 23:35 - 2014-04-02 23:53 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-06-12 23:35 - 2014-04-02 22:53 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-06-12 23:35 - 2014-04-02 22:53 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-12 23:35 - 2014-04-02 22:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-06-12 23:35 - 2014-04-02 22:23 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-06-12 23:35 - 2014-04-02 22:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-06-12 23:35 - 2014-03-31 01:42 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-06-12 23:35 - 2014-03-30 18:54 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-06-12 23:35 - 2014-03-28 11:58 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-06-12 23:35 - 2014-03-26 23:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-06-12 23:35 - 2014-03-24 18:58 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-06-12 23:35 - 2014-03-19 20:44 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-06-12 23:35 - 2014-03-19 19:33 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-06-12 23:35 - 2014-03-19 04:07 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-06-12 23:35 - 2014-03-19 00:18 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-06-12 23:35 - 2014-03-18 01:00 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-06-12 23:35 - 2014-03-18 00:52 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-06-12 23:35 - 2014-03-17 01:09 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-06-12 23:35 - 2014-03-17 00:11 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-06-12 23:35 - 2014-03-16 23:01 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-06-12 23:35 - 2014-03-16 22:47 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-06-12 23:35 - 2014-03-14 02:26 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-06-12 23:35 - 2014-03-14 02:10 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-06-12 23:35 - 2014-03-06 08:42 - 00310616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-06-12 23:34 - 2014-05-19 02:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-12 23:34 - 2014-05-19 02:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-12 23:34 - 2014-05-19 01:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-12 23:34 - 2014-04-30 00:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-12 23:34 - 2014-04-30 00:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-12 23:34 - 2014-04-29 23:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-12 23:34 - 2014-04-18 10:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-06-12 23:34 - 2014-04-18 10:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-06-12 23:34 - 2014-04-18 09:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-06-12 23:34 - 2014-04-18 05:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-06-12 23:34 - 2014-04-18 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-06-12 23:34 - 2014-04-14 05:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-06-12 23:34 - 2014-04-14 04:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-06-12 23:34 - 2014-04-11 00:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-06-12 23:34 - 2014-04-11 00:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-06-12 23:34 - 2014-04-10 23:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-06-12 23:34 - 2014-04-09 07:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-12 23:34 - 2014-04-09 02:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-06-12 23:34 - 2014-04-09 01:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-06-12 23:34 - 2014-04-08 23:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-06-12 23:34 - 2014-04-07 22:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-06-12 23:34 - 2014-04-06 12:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-06-12 23:34 - 2014-04-06 12:34 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-06-12 23:34 - 2014-04-06 12:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-06-12 23:34 - 2014-04-06 12:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-06-12 23:34 - 2014-04-06 12:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-06-12 23:34 - 2014-04-06 12:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-06-12 23:34 - 2014-04-06 12:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-06-12 23:34 - 2014-04-06 12:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-06-12 23:34 - 2014-04-06 11:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-06-12 23:34 - 2014-04-06 11:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-06-12 23:34 - 2014-04-06 11:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-06-12 23:34 - 2014-04-06 08:58 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-06-12 23:34 - 2014-04-06 08:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-06-12 23:34 - 2014-04-06 08:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-06-12 23:34 - 2014-04-06 08:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-06-12 23:34 - 2014-04-06 07:26 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-06-12 23:34 - 2014-04-06 07:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-06-12 23:34 - 2014-04-06 07:01 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-06-12 23:34 - 2014-04-06 05:59 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-06-12 23:34 - 2014-04-03 04:12 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-06-12 23:34 - 2014-04-03 04:12 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-06-12 23:34 - 2014-04-03 00:03 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-06-12 23:34 - 2014-04-03 00:03 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-06-12 23:34 - 2014-04-02 22:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-06-12 23:34 - 2014-04-02 22:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-06-12 23:34 - 2014-04-01 02:23 - 00384856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-06-12 23:34 - 2014-03-30 20:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-06-12 23:34 - 2014-03-30 20:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-06-12 23:34 - 2014-03-30 19:43 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-06-12 23:34 - 2014-03-30 18:49 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-06-12 23:34 - 2014-03-30 18:35 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-06-12 23:34 - 2014-03-30 18:11 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-06-12 23:34 - 2014-03-30 17:47 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-06-12 23:34 - 2014-03-27 02:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-06-12 23:34 - 2014-03-27 01:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-06-12 23:34 - 2014-03-27 00:59 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-06-12 23:34 - 2014-03-27 00:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-06-12 23:34 - 2014-03-27 00:19 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-06-12 23:34 - 2014-03-26 23:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-06-12 23:34 - 2014-03-26 23:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-06-12 23:34 - 2014-03-19 23:48 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-06-12 23:34 - 2014-03-19 04:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-06-12 23:34 - 2014-03-19 03:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-06-12 23:34 - 2014-03-19 03:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-06-12 23:34 - 2014-03-19 02:36 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-06-12 23:34 - 2014-03-19 01:56 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-06-12 23:34 - 2014-03-19 01:45 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-06-12 23:34 - 2014-03-19 01:19 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-06-12 23:34 - 2014-03-19 01:07 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-06-12 23:34 - 2014-03-19 01:02 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-06-12 23:34 - 2014-03-19 01:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-06-12 23:34 - 2014-03-19 00:51 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-06-12 23:34 - 2014-03-19 00:31 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-06-12 23:34 - 2014-03-18 04:19 - 00077312 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-06-12 23:34 - 2014-03-16 22:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-06-12 23:33 - 2014-05-01 09:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-12 23:33 - 2014-05-01 09:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-12 23:33 - 2014-05-01 03:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-12 23:33 - 2014-05-01 03:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-12 23:33 - 2014-05-01 02:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-12 23:33 - 2014-05-01 01:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-12 23:24 - 2014-06-23 19:41 - 00003354 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-12 23:24 - 2014-06-23 19:41 - 00003302 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-09 18:44 - 2014-06-09 18:46 - 00000000 ____D () C:\ProgramData\DAEMON Tools Pro
2014-06-07 17:10 - 2014-06-07 17:10 - 00000000 ____D () C:\Users\Koony\Desktop\Old Firefox Data
2014-06-01 09:42 - 2014-06-17 10:24 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\Koony\AppData\Local\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-01 09:40 - 2014-06-12 18:46 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\ARecEngine
2014-05-27 00:59 - 2014-05-27 01:01 - 00007605 _____ () C:\Users\Koony\AppData\Local\resmon.resmoncfg
2014-05-24 19:18 - 2014-05-25 09:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-05-24 19:18 - 2014-05-24 19:19 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00001133 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-24 19:09 - 2014-05-24 19:09 - 00000000 ____D () C:\Users\Koony\Documents\Adobe

==================== One Month Modified Files and Folders =======

2014-06-23 19:47 - 2014-06-17 11:00 - 00018492 _____ () C:\Users\Koony\Desktop\FRST.txt
2014-06-23 19:47 - 2014-06-17 10:59 - 00000000 ____D () C:\FRST
2014-06-23 19:46 - 2013-03-15 22:57 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-23 19:41 - 2014-06-12 23:24 - 00003354 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-23 19:41 - 2014-06-12 23:24 - 00003302 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-23 19:41 - 2014-03-27 11:24 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-23 19:41 - 2013-10-06 19:32 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 19:41 - 2013-06-15 23:03 - 00005002 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SHARONJONESHALL-Koony Sharonjoneshall
2014-06-23 19:40 - 2014-06-17 11:55 - 01089725 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-23 19:40 - 2014-04-01 09:18 - 00000000 ____D () C:\Users\Koony\Desktop\AND
2014-06-23 19:40 - 2013-03-17 12:13 - 00000000 __RDO () C:\Users\Koony\SkyDrive
2014-06-23 19:38 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-23 19:37 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-23 19:35 - 2014-06-23 19:35 - 00000000 ____D () C:\Users\Koony\Desktop\FRST-OlderVersion
2014-06-23 19:35 - 2014-06-17 10:58 - 02082816 _____ (Farbar) C:\Users\Koony\Desktop\FRST64.exe
2014-06-23 19:27 - 2014-05-12 13:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-23 19:16 - 2013-10-06 19:32 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 19:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-23 18:56 - 2014-02-11 20:14 - 00445440 ___SH () C:\Users\Koony\Desktop\Thumbs.db
2014-06-23 18:26 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-23 08:51 - 2013-06-30 17:24 - 00000000 ____D () C:\Users\Koony\AppData\Local\Adobe
2014-06-22 14:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-21 22:40 - 2013-12-28 22:53 - 00003376 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-21 22:40 - 2013-12-28 22:53 - 00003324 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-20 23:27 - 2014-06-15 16:55 - 00000000 ____D () C:\Users\Koony\Desktop\Trey's Study Sheets
2014-06-20 22:44 - 2014-06-20 22:44 - 00015642 _____ () C:\Users\Koony\Desktop\aswBoot.txt
2014-06-20 01:18 - 2013-12-04 14:15 - 00000000 ____D () C:\Users\Koony
2014-06-19 21:01 - 2014-02-23 23:10 - 00000000 ____D () C:\Users\Koony\AppData\Local\CrashDumps
2014-06-19 12:17 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-19 12:11 - 2014-06-17 11:54 - 00001454 _____ () C:\WINDOWS\PFRO.log
2014-06-19 12:11 - 2014-05-12 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 08:59 - 2013-03-17 12:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-18 21:11 - 2013-10-06 19:32 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 21:11 - 2013-10-06 19:32 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 11:54 - 2014-06-18 11:54 - 00000512 _____ () C:\Users\Koony\Desktop\MBR.dat
2014-06-18 11:54 - 2014-06-18 11:09 - 00003034 _____ () C:\Users\Koony\Desktop\aswMBR.txt
2014-06-18 10:42 - 2014-06-18 10:41 - 05185536 _____ (AVAST Software) C:\Users\Koony\Desktop\aswMBR.exe
2014-06-18 09:32 - 2014-05-10 01:44 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\uTorrent
2014-06-18 09:30 - 2013-10-27 12:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-06-17 23:55 - 2014-06-17 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 15:55 - 2013-03-15 22:46 - 00000000 ____D () C:\Users\Koony\AppData\Local\Packages
2014-06-17 12:15 - 2014-06-17 12:15 - 00012869 _____ () C:\Users\Koony\Desktop\gmer.log
2014-06-17 11:55 - 2014-06-17 11:55 - 00279360 _____ () C:\WINDOWS\Minidump\061714-23984-01.dmp
2014-06-17 11:55 - 2014-06-17 11:55 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-17 11:54 - 2014-06-17 11:54 - 587612795 _____ () C:\WINDOWS\MEMORY.DMP
2014-06-17 11:20 - 2014-06-17 11:06 - 00001494 _____ () C:\Users\Koony\Desktop\k157jde3 - Shortcut.lnk
2014-06-17 11:06 - 2014-06-17 11:06 - 00380416 _____ () C:\Users\Koony\Downloads\k157jde3.exe
2014-06-17 11:03 - 2014-06-17 11:02 - 00044448 _____ () C:\Users\Koony\Desktop\Addition.txt
2014-06-17 10:24 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Skype
2014-06-16 13:28 - 2014-06-13 10:22 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 22:39 - 2013-12-28 22:53 - 00003396 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002
2014-06-14 15:52 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-14 01:21 - 2014-06-14 01:21 - 00012161 _____ () C:\Users\Koony\Desktop\AdwCleaner[S0].txt
2014-06-14 01:09 - 2013-08-22 10:44 - 05098592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-14 01:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-14 01:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-06-14 01:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-06-14 01:05 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-06-14 01:02 - 2014-06-13 10:39 - 00000000 ____D () C:\AdwCleaner
2014-06-14 00:07 - 2014-06-14 00:07 - 00001259 _____ () C:\Users\Koony\Desktop\adwcleaner_3.212 - Shortcut.lnk
2014-06-14 00:07 - 2014-04-07 10:26 - 00169984 ___SH () C:\Users\Koony\Downloads\Thumbs.db
2014-06-13 10:34 - 2014-06-13 10:34 - 01333465 _____ () C:\Users\Koony\Downloads\adwcleaner_3.212.exe
2014-06-13 10:21 - 2014-06-13 10:21 - 00162330 _____ () C:\Users\Koony\Desktop\OTL.Txt
2014-06-13 10:08 - 2014-06-13 01:55 - 00162330 _____ () C:\Users\Koony\Downloads\OTL.Txt
2014-06-13 09:51 - 2014-06-13 09:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-13 09:51 - 2014-06-13 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-13 09:47 - 2014-06-13 09:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Koony\Downloads\RANDOM NAME.exe
2014-06-13 04:24 - 2014-06-13 04:24 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-06-13 03:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-06-13 01:47 - 2014-06-13 01:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 01:21 - 2014-06-13 01:21 - 00602112 _____ (OldTimer Tools) C:\Users\Koony\Downloads\OTL.exe
2014-06-12 19:20 - 2014-03-27 11:25 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-12 19:20 - 2014-03-27 11:25 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-12 19:15 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-06-12 19:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-06-12 19:13 - 2014-05-21 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-06-12 19:13 - 2014-03-27 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-12 19:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-12 19:13 - 2013-03-15 22:48 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-06-12 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-06-12 18:46 - 2014-06-01 09:40 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\ARecEngine
2014-06-12 18:46 - 2013-03-15 22:48 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\Adobe
2014-06-12 18:43 - 2013-10-06 19:27 - 00000000 ____D () C:\ProgramData\Real
2014-06-12 18:42 - 2013-03-25 11:46 - 00000000 __RHD () C:\MSOCache
2014-06-12 17:07 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-12 16:35 - 2013-08-16 15:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-09 18:46 - 2014-06-09 18:44 - 00000000 ____D () C:\ProgramData\DAEMON Tools Pro
2014-06-07 17:10 - 2014-06-07 17:10 - 00000000 ____D () C:\Users\Koony\Desktop\Old Firefox Data
2014-06-05 08:50 - 2014-05-21 20:56 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-06-01 09:42 - 2014-06-01 09:42 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\Users\Koony\AppData\Local\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Skype
2014-06-01 09:42 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-31 21:24 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI(271)
2014-05-31 01:13 - 2014-05-01 12:24 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 01:13 - 2014-05-01 12:24 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 06:21 - 2014-06-12 23:36 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-30 05:45 - 2014-06-12 23:36 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-05-30 05:28 - 2014-06-12 23:36 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-05-30 05:20 - 2014-06-12 23:36 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-12 23:36 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-30 05:08 - 2014-06-12 23:36 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-12 23:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-05-30 04:46 - 2014-06-12 23:36 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-12 23:36 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-12 23:36 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-05-30 04:38 - 2014-06-12 23:36 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-12 23:36 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-05-30 04:29 - 2014-06-12 23:36 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-05-30 04:27 - 2014-06-12 23:36 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-05-30 04:23 - 2014-06-12 23:36 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-12 23:36 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-05-30 04:04 - 2014-06-12 23:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-12 23:36 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-12 23:36 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-12 23:36 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-05-30 03:54 - 2014-06-12 23:36 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-05-30 03:49 - 2014-06-12 23:36 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-12 23:36 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-12 23:36 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-12 23:36 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-12 23:36 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-12 23:36 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-12 23:36 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-12 23:36 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-05-27 01:07 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-05-27 01:01 - 2014-05-27 00:59 - 00007605 _____ () C:\Users\Koony\AppData\Local\resmon.resmoncfg
2014-05-27 00:53 - 2013-10-25 19:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-25 09:19 - 2014-05-24 19:18 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2014-05-24 19:19 - 2014-05-24 19:18 - 00000000 ____D () C:\Users\Koony\AppData\Roaming\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00001133 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\ProgramData\NCH Software
2014-05-24 19:18 - 2014-05-24 19:18 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-24 19:09 - 2014-05-24 19:09 - 00000000 ____D () C:\Users\Koony\Documents\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-19 12:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Koony at 2014-06-23 19:49:52
Running from C:\Users\Koony\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

100% Hidden Objects (x32 Version: 3.0.2.51 - WildTangent) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Chinese Dragon (x32 Version: 3.0.2.59 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Easter Eggztravaganza 2 (x32 Version: 3.0.2.48 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Game Channels (x32 Version: 7.1.0.17 - WildTangent, Inc.) Hidden
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hidden Relics (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp (x32 Version: 12.0.0016 - Nero AG) Hidden
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: - NCH Software)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recipe Hub Internet Explorer Toolbar (HKLM-x32\...\RecipeHub_2jbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge! (HKLM-x32\...\Zuma's Revenge!) (Version: - PopCap Games)

==================== Restore Points =========================

17-06-2014 19:50:55 Windows Update
18-06-2014 13:27:41 Removed Charter Security Suite
21-06-2014 13:47:29 Windows Update

==================== Hosts content: ==========================

2014-06-23 19:35 - 2014-06-23 19:35 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {079E9C3D-B20E-492B-B221-5E956DBBA445} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1077101162-4101747896-2045992607-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {119BC8ED-BE8D-4827-8E9B-07FA207154AA} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {12DC067F-36B3-400A-B63B-03EB237DEECC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {29624FC6-394A-41D8-B717-AB078C1A6568} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {33ACCD6D-4F36-496B-B144-6B1CB04AB7DB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-14] (AVAST Software)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43731F27-6771-482F-9F62-9EA96C137D85} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
Task: {47B59DC3-5B90-45CB-9CC1-973C41C60205} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F5D8B63-3F16-4010-9547-54F3F7AFCFE2} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {59ED0ADD-34E5-45EF-9F8B-648106DF9F69} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {657A72A1-060A-4CD8-BF22-C05CEDDA0662} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {746C9A25-5A35-4C5F-886A-FBF0677578BF} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7C87C3D1-CE1D-4A72-9803-FC475A6D9250} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AF89F5B-A724-46C9-8745-F0543139342C} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E6E97C2-1786-4501-9BA4-34CA083EAF8A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {9EAB5892-0586-4B5F-ACE2-20430CFABE81} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A040473A-F787-4B4F-94B3-8F66043722EC} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A8ECCD8F-213C-4798-8216-E4B9E062A1C4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SHARONJONESHALL-Koony Sharonjoneshall => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: {A9504797-E88B-4D0D-AE1F-76B4FABA1EDA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-19] (Microsoft Corporation)
Task: {B2204A91-640A-41CE-8F16-9611504B6D7F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {B9693FF3-E54A-4111-A20C-50123FD1BD1A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
Task: {BEBE69D1-9A43-4AA1-901C-AE7BAE824266} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C7E688CC-8234-4B3C-896D-5F539E833AF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D993BAA8-E3A9-4D5E-BE93-B37FC50DDB5B} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DE6D017A-379E-48DA-995E-A209FEAA6314} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {E1C361A2-F281-4A53-8518-331EE588A2DB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ED10D83A-9EAB-4C7F-AD40-9EE9E0EFD45A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1077101162-4101747896-2045992607-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
Task: {FC39081F-C5D2-4124-8539-6F41EF0DD9BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-06] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-27 17:19 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-06-19 08:56 - 2014-06-19 08:56 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-07-20 02:01 - 2012-07-20 02:01 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-06-23 17:07 - 2014-06-23 17:07 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062301\algo.dll
2014-05-02 15:24 - 2014-05-02 15:24 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-03-27 11:23 - 2014-03-27 11:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-19 08:56 - 2014-06-19 08:56 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-06-19 08:54 - 2014-06-19 08:54 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-05-02 09:42 - 2014-05-02 09:42 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\f2bf020fc6307e10194fd94e85d52a72\Windows.UI.Xaml.ni.dll
2014-05-02 09:42 - 2014-05-02 09:42 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\c95c4deae76420a882bef7161a449d72\Windows.UI.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00122880 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\d844f788b32033689d5afca27bb255a6\Arkadium.ApplicationFramework.ni.dll
2014-06-14 02:36 - 2014-06-14 02:36 - 01717760 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\3ceb21a5d6a35f64f318dee8b667a9ad\Arkadium.DailyChallengeModule.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00152064 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\94119bff3cfaa9a57ec27e09b3e6ca5b\Arkadium.AchievementsModule.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00249344 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\e7a9e0b77f831f5a0cc42115ceabf2a2\Arkadium.AwardsModule.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00310272 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\f7e5a15c9981431fd2f771b9481f83e0\Arkadium.LeaderboardModule.ni.dll
2014-06-14 02:35 - 2014-06-14 02:35 - 00596992 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\62aa74869419c4ed6d4e799d8feca938\Arkadium.Advertisement.ni.dll
2014-06-14 02:36 - 2014-06-14 02:36 - 00297984 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\52f0f29413f74d25394eadc236fce1c7\Arkadium.WindowsStoreModule.ni.dll
2014-05-02 09:40 - 2014-05-02 09:40 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\224ab0385dc2991b9139bdbf7bcf8e0e\Windows.ApplicationModel.ni.dll
2014-05-02 09:48 - 2014-05-02 09:48 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\95e459fe3e0f12f2dc9f48fb91886621\Windows.Data.ni.dll
2014-05-02 09:40 - 2014-05-02 09:40 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f3deb382d1f91df4e2bf1801afb4ea21\Windows.Storage.ni.dll
2014-05-02 09:40 - 2014-05-02 09:40 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00122880 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\fc79342af60c7741b6569a2d61d90a1a\Arkadium.Xaml.Toolkit.ni.dll
2014-05-28 05:09 - 2014-05-28 05:09 - 00258560 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\6aeb49424ffba822ec5d785ad67a7f28\Arkadium.CdnModule.ni.dll
2014-05-28 05:10 - 2014-05-28 05:10 - 00483840 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\7334cf3cd56e548536e510cce0ed4e14\Microsoft.Xbox.ni.dll
2014-05-02 09:42 - 2014-05-02 09:42 - 00770560 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\ae986fe3d2717c157eb1eeeb4d99aaa1\Windows.Media.ni.dll
2014-05-28 05:10 - 2014-05-28 05:10 - 00227328 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\5c7c9f4bd1fc9e9f637b2435b69ce105\CEServices.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00402432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\27136c94fce321fc4e76bccb5fc38fe0\Windows.Security.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00238080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\a1306b1fdd9c22508f9e5d901fceb4cd\Windows.Globalization.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\66db718389f1cd2503053c09b3de857f\Windows.Networking.ni.dll
2014-05-02 09:41 - 2014-05-02 09:41 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\726121cd59d8545addcd2c64688b5309\Windows.System.ni.dll
2014-05-28 05:11 - 2014-05-28 05:11 - 00041984 _____ () C:\Users\Koony\AppData\Local\Packages\Microsoft.Taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\c9c9d32d102cd8eb4ad7d760ede11f62\Microsoft.Games.Sentient.ni.dll
2014-05-02 09:47 - 2014-05-02 09:47 - 00304128 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\4e33edd5ee2ee09f751c0071ba0a26c3\Windows.Graphics.ni.dll
2014-05-02 09:48 - 2014-05-02 09:48 - 01282048 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll
2014-06-17 23:55 - 2014-06-17 23:55 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Koony\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/23/2014 05:36:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 05:28:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 04:48:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 04:40:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/23/2014 09:01:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/23/2014 07:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/23/2014 07:38:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/23/2014 06:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/23/2014 05:07:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/22/2014 06:19:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/22/2014 00:44:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/22/2014 00:44:30 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/21/2014 10:13:04 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (06/21/2014 01:42:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/21/2014 09:33:56 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Microsoft Office Sessions:
=========================
Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (06/23/2014 06:14:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SHARONJONESHALL)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174

Error: (06/23/2014 05:36:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/23/2014 05:28:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/23/2014 04:48:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/23/2014 04:40:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

Error: (06/23/2014 09:01:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{2259DBC1-EFFB-42B5-BA35-DFC0AAB2B3FB}\recordingmanager.exe

CodeIntegrity Errors:
===================================
Date: 2014-02-10 19:37:31.620
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-10 19:37:31.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-10 19:37:28.104
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-10 19:37:27.948
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-06 19:30:27.009
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-06 19:30:26.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-06 19:30:22.650
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-05 07:15:14.858
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-05 07:15:14.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-02-05 07:15:12.625
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 3794.98 MB
Available physical RAM: 2440.18 MB
Total Pagefile: 7634.98 MB
Available Pagefile: 5873.25 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:441.61 GB) (Free:340.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9093115C)

Partition: GPT Partition Type.

==================== End Of Log ============================

06/12/2014 19:51
Scan of all local drives

File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jauxstb.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jauxstb64.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbarsvc.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbprtct.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrmon.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrmon64.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrstub.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbrstub64.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jdatact.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jdlghk.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jdlghk64.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jfeedmg.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jhighin.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jhkstub.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jhtmlmu.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jhttpct.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jidle.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jieovr.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jmedint.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jmlbtn.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jPlugin.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jradio.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jreghk.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jregiet.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jscript.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jskin.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jskplay.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrchMn.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jsrchmr.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jtpinst.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\AppIntegrator64.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\AppIntegratorStub64.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\CREXT.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\CrExtP2j.exe is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\DPNMNGR.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\EXEMANAGER.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\FF-NativeMessagingDispatcher.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\Hpg64.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\T8EPMSUP.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\T8EXTEX.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\T8EXTPEX.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\T8HTML.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\T8RES.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\T8TICKER.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\UNIFIEDLOGGING.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\VERIFY.DLL is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Program Files (x86)\Wajam\Updater\update.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8RES.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8EPMSUP.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BARSVC.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BAR.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8PLUGIN.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#NPT8STUB.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8HIGHIN.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8MEDINT.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8SRCHMN.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BRMON.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BRSTUB.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8SRCAS.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8REGHK.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8HKSTUB.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8REGIET.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8REGFFT.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8HTML.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8HTMLMU.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8HTTPCT.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8DATACT.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8AUXSTB.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8DLGHK.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8IDLE.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8SKIN.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8SKPLAY.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8RADIO.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8MLBTN.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8FEEDMG.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8SCRIPT.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8TPINST.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8IEOVR.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BPRTCT.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8TICKER.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#CREXT.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#CREXTPROC.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8EXTEX.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8EXTPEX.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8SRCHMR.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#APPINTEGRATOR64.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#APPINTEGRATORSTUB64.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#HPG64.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#UNIFIEDLOGGING.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#DPNMNGR.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#VERIFY.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#EXEMANAGER.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#FFNATIVE.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BRMON64.EXE] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8AUXSTB64.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8BRSTUB64.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe|>[Embedded_R#T8DLGHK64.DLL] is infected by Win32:Mindspark-A [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe|>2jSetup.exe is infected by Win32:Mywebsearch-AB [PUP], Moved to chest
File C:\Users\Koony\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\05DD4E0B.exe is infected by Win32:Mywebsearch-AD [PUP], Moved to chest
File C:\Users\Koony\Downloads\Chrome_Setup (1).exe is infected by Win32:Somoto-N [PUP], Moved to chest
File C:\Users\Koony\Downloads\Chrome_Setup.exe is infected by Win32:Somoto-N [PUP], Moved to chest
Number of searched folders: 55177
Number of tested files: 1641695
Number of infected files: 104

----------------------------------------
06/16/2014 14:30
Scan of all local drives

Number of searched folders: 58894
Number of tested files: 1672406
Number of infected files: 0

#14
Naathim

Posted 25 June 2014 - 06:39 AM

GeekU Minion

Expert
4,568 posts

Please re-run Malwarebytes' Anti-Malware

Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
On completion of the scan (or after the reboot) select View Detailed Log

Select Export > Select text file and save it to the desktop.

Please post that log for my review.

= = = = = = = = = = = = = = = = = = = =

ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

Please visit ESET site.
Click there

If using Internet Explorer:

Accept the Terms of Use and click Start
Allow the running of add-on

If using other browsers:

Download esetsmartinstaller_enu.exe that you'll be given link to
Double click esetsmartinstaller_enu.exe
Allow the Terms of Use and click Start

Make sure that:

Remove found threats is unchecked
Scan archives is checked, in Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked

Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan
When the scan is done, click Finish
A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.