  • This topic is locked

#61
devasativa

  • Topic Starter
  • Member
  • 56 posts
Attached File  eset.txt   2.46KB   235 downloads
  • 0


#62
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Ok, that kind of seems more like what I thought. Let's get rid of the malware there and then check the system once more.

Run a script to delete what we found >>>>

Download attached fixlist.txt file and save it to the Desktop.

Attached File  Fixlist.txt   1.36KB   192 downloads

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Run a FRST64 scan to check what is left >>>>


If you still have an Addition.txt log file on your desktop, please delete it now.

Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator".

The tool will start to run.

When the tool opens click Yes to disclaimer. (if it does)

Select Additional.txt in the Optional Scans section of FRST64.

Press Scan button.

It will make two logs (FRST.txt and addition.txt) on your Desktop. Please open the logs in notepad and copy the logs and paste back in a message as a reply.


What we need from you now >>>>
  • The Fixlog.txt log text.
  • The latest FRST.txt log text.
  • The latest Addition.txt log text.
  • How is your system running now? Fans still running all the time? CPU loaded up?

  • 0

#63
devasativa

  • Topic Starter
  • Member
  • 56 posts
I made a mistake right off the bat: I meant to click fix, but clicked scan, so I closed the tool right away with task manager... is it ok to proceed or have I changed things?
  • 0

#64
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Nope, that is OK.  The FRST tool does not change a thing with a scan (except make a new log).  So you are good to start over and try again.


  • 0

#65
devasativa

  • Topic Starter
  • Member
  • 56 posts
ok..doing it now.
  • 0

#66
devasativa

  • Topic Starter
  • Member
  • 56 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Owner-1 at 2014-11-07 17:36:46 Run:4
Running from C:\Users\Owner-1\Desktop
Loaded Profile: Owner-1 (Available profiles: Owner-1 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\$RECYCLE.BIN\S-1-5-21-1864448044-3865198937-871872176-1005\$RACAYO1.exe
C:\$RECYCLE.BIN\S-1-5-21-1864448044-3865198937-871872176-1005\$RIHJVRD.exe
C:\$RECYCLE.BIN\S-1-5-21-1864448044-3865198937-871872176-1005\$RX8ER4W.exe
C:\Program Files\Adware-Removal-Tool\ARTP3.exe
C:\Users\Owner-1\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads\49CD4C92ECA4BB4474AAD560ECEAD4A700000000000F8998.exe
C:\Users\Owner-1\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads\67E44C013EE1FCEC44136D71551A95780000000001EA85A0.exe
C:\Users\Owner-1\Desktop\cnet securedlsubsonic.exe
C:\Users\Owner-1\Documents\New folder\cbsidlm-cbsi118-Advanced_SystemCare-ORG-10407614.exe
C:\Users\Owner-1\Downloads\recovasetup151.exe
C:\Users\Owner-1\Games\mystic palace slots hd.exe
C:\Users\Owner-1\Games\wms slots ? jungle wild.exe
C:\Users\Owner-1\Games\Unzipped Games\Broken.Age.Act.1-RELOADED\rld-bragea1.iso
C:\Users\Owner-1\Local Settings\SlimWare Utilities Inc\SlimCleaner\Downloads\49CD4C92ECA4BB4474AAD560ECEAD4A700000000000F8998.exe
C:\Users\Owner-1\Local Settings\SlimWare Utilities Inc\SlimCleaner\Downloads\67E44C013EE1FCEC44136D71551A95780000000001EA85A0.exe
C:\Users\Owner-1\Music\IGT.Slots.Paradise.Garden-HI2U\hi-igsl-pag.iso
C:\Users\Owner-1\Pictures\family\Family\kayla\hardware-helper-1100.exe
C:\Users\Owner-1\Pictures\flashgot\pf-setup-en-652.exe
EmptyTemp:
end

*****************

C:\$RECYCLE.BIN\S-1-5-21-1864448044-3865198937-871872176-1005\$RACAYO1.exe => Moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1864448044-3865198937-871872176-1005\$RIHJVRD.exe => Moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-1864448044-3865198937-871872176-1005\$RX8ER4W.exe => Moved successfully.
C:\Program Files\Adware-Removal-Tool\ARTP3.exe => Moved successfully.
C:\Users\Owner-1\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads\49CD4C92ECA4BB4474AAD560ECEAD4A700000000000F8998.exe => Moved successfully.
C:\Users\Owner-1\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads\67E44C013EE1FCEC44136D71551A95780000000001EA85A0.exe => Moved successfully.
C:\Users\Owner-1\Desktop\cnet securedlsubsonic.exe => Moved successfully.
C:\Users\Owner-1\Documents\New folder\cbsidlm-cbsi118-Advanced_SystemCare-ORG-10407614.exe => Moved successfully.
C:\Users\Owner-1\Downloads\recovasetup151.exe => Moved successfully.
C:\Users\Owner-1\Games\mystic palace slots hd.exe => Moved successfully.
Could not move "C:\Users\Owner-1\Games\wms slots ? jungle wild.exe" => Scheduled to move on reboot.
C:\Users\Owner-1\Games\Unzipped Games\Broken.Age.Act.1-RELOADED\rld-bragea1.iso => Moved successfully.
"C:\Users\Owner-1\Local Settings\SlimWare Utilities Inc\SlimCleaner\Downloads\49CD4C92ECA4BB4474AAD560ECEAD4A700000000000F8998.exe" => File/Directory not found.
"C:\Users\Owner-1\Local Settings\SlimWare Utilities Inc\SlimCleaner\Downloads\67E44C013EE1FCEC44136D71551A95780000000001EA85A0.exe" => File/Directory not found.
C:\Users\Owner-1\Music\IGT.Slots.Paradise.Garden-HI2U\hi-igsl-pag.iso => Moved successfully.
C:\Users\Owner-1\Pictures\family\Family\kayla\hardware-helper-1100.exe => Moved successfully.
C:\Users\Owner-1\Pictures\flashgot\pf-setup-en-652.exe => Moved successfully.
EmptyTemp: => Removed 307 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-07 17:47:45)<=

"C:\Users\Owner-1\Games\wms slots ? jungle wild.exe" => File could not move.

==== End of Fixlog ====
  • 0
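
The Fixlog above mixes several outcomes, and one entry changes status between the first pass and the reboot pass. As an added example (not part of the original thread and not FRST's own code), this Python script sorts each fixlist entry by its final outcome so the entries that were not quarantined stand out. The result phrases are copied from the log above; the sample paths, function names and bucket names are constructed for illustration.

```python
import re

# Result phrases exactly as they appear in the Fixlog posted above.
MOVED = "Moved successfully."
ON_REBOOT = "Scheduled to move on reboot."
NOT_FOUND = "File/Directory not found."
FAILED = "File could not move."

# Matches the three result-line shapes seen in the log:
#   <path> => <result>
#   "<path>" => <result>
#   Could not move "<path>" => <result>
RESULT_RE = re.compile(
    r'^(?:Could not move )?"?(?P<path>[A-Za-z]:\\.*?)"? => (?P<result>.+)$'
)

def parse_fixlog(text):
    """Return (requested_paths, final_status_by_lowercased_path)."""
    requested, status = [], {}
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            in_fixlist = True
            continue
        if line.lower() == "end":
            in_fixlist = False
            continue
        if in_fixlist:
            # Keep file paths only; directives such as "EmptyTemp:" are skipped.
            if re.match(r"^[A-Za-z]:\\", line):
                requested.append(line)
            continue
        m = RESULT_RE.match(line)
        if m:
            # A later line (the post-reboot section) overrides an earlier one.
            status[m.group("path").lower()] = m.group("result").strip()
    return requested, status

def triage(text):
    """Bucket every requested path by its final outcome (hypothetical bucket names)."""
    requested, status = parse_fixlog(text)
    report = {"quarantined": [], "absent": [], "pending_reboot": [],
              "needs_review": [], "no_result": []}
    for path in requested:
        result = status.get(path.lower())
        if result is None:
            report["no_result"].append(path)       # listed but never reported on
        elif result == MOVED:
            report["quarantined"].append(path)
        elif result == NOT_FOUND:
            report["absent"].append(path)
        elif result == ON_REBOOT:
            report["pending_reboot"].append(path)  # no post-reboot confirmation
        else:
            report["needs_review"].append(path)    # FAILED or an unknown phrase
    return report

# Constructed sample in the same layout as the Fixlog above (paths are made up).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
C:\Users\Example\Downloads\setup-a.exe
C:\Users\Example\Games\slots ? demo.exe
C:\Users\Example\Local Settings\Temp\old-b.exe
C:\Users\Example\Desktop\tool-c.exe
C:\Users\Example\Documents\skipped-d.exe
EmptyTemp:
end

*****************

C:\Users\Example\Downloads\setup-a.exe => Moved successfully.
Could not move "C:\Users\Example\Games\slots ? demo.exe" => Scheduled to move on reboot.
"C:\Users\Example\Local Settings\Temp\old-b.exe" => File/Directory not found.
Could not move "C:\Users\Example\Desktop\tool-c.exe" => Scheduled to move on reboot.
EmptyTemp: => Removed 307 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-07 17:47:45)<=

"C:\Users\Example\Games\slots ? demo.exe" => File could not move.

==== End of Fixlog ====
"""

if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_FIXLOG).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print(f"    {p}")
```

Anything in `needs_review`, `pending_reboot` or `no_result` is still on disk or unaccounted for and is what a follow-up scan should confirm.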

#67
devasativa

  • Topic Starter
  • Member
  • 56 posts
Running other scans. I really like my slimware products, especially slim cleaner. Will you please check it out on cnet?
  • 0

#68
devasativa

  • Topic Starter
  • Member
  • 56 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Owner-1 (administrator) on DPLACE on 07-11-2014 17:51:28
Running from C:\Users\Owner-1\Desktop
Loaded Profile: Owner-1 (Available profiles: Owner-1 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Reason Software Company Inc.) C:\Users\Owner-1\AppData\Roaming\Reason\Boost\boost.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B4DB94BC-3512-4409-8E79-07D1ADC37C30} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {79A430CD-F74B-4E4B-A58F-64BE68948606} URL = http://www.facebook....q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

FireFox:
========
FF ProfilePath: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner-1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner-1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner-1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner-1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\searchplugins\duckduckgo.xml
FF Extension: Avira Browser Safety - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-11-01]
FF Extension: LastPass - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-04]
FF Extension: YouTube Unblocker - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-06]
FF Extension: Remove It Permanently - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2014-09-10]
FF Extension: Evernote Web Clipper - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-11]
FF Extension: Add to Search Bar - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: DuckDuckGo Plus - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: Perfect View - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-06]
FF Extension: All-in-One Sidebar - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-08-11]
FF Extension: FlashGot - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-08-06]
FF Extension: PictuTools - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{41e00859-3a98-4c4c-8292-2de820be3ffa}.xpi [2014-08-06]
FF Extension: FB Gamer - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{5ff60652-3079-4d1a-8328-3126890eae58}.xpi [2014-08-06]
FF Extension: RightToClick - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-08-06]
FF Extension: Red Cats (blue flavor) - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2014-08-04]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-21]

Chrome:
=======
CHR Profile: C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Art Project, powered by Google) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep [2013-11-28]
CHR Extension: (Bejeweled) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-11-28]
CHR Extension: (Kicksend - Share Photos) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeknnigbopacbbcnnphalkgflgdlnoon [2014-09-28]
CHR Extension: (Theme Creator) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-11-28]
CHR Extension: (Worlize) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoleedjgbljpnebkobbongneigoelmnb [2013-11-28]
CHR Extension: (UJAM - Make your music.) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2013-11-28]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2013-11-28]
CHR Extension: (ezFractal - Strange Attractors App) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\befeejacabkplbgddjbhbbbbogmlomhg [2013-11-28]
CHR Extension: (Fotor Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-09-28]
CHR Extension: (Simple Image Resizer) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bficingcnodlbbildpbnjdgcmbipgnbi [2014-09-25]
CHR Extension: (Loupe Collage) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2013-11-28]
CHR Extension: (Pulsate) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli [2013-11-28]
CHR Extension: (Genie Jackpots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaafakedmhapgnckdkkadbjmoakikki [2013-11-28]
CHR Extension: (Cash of the Titans) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkbkhakepfeehemdjcegjlmcehjckid [2013-11-28]
CHR Extension: (Tarot Reading (FREE)) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegplnibkbhflhkcbohabjbmmokildob [2014-09-25]
CHR Extension: (Camera360网页版) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfojbadjlaaiddllnogeohfgamgedcfd [2014-09-29]
CHR Extension: (Pixsta) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc [2014-09-28]
CHR Extension: (Amigo's Gold) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfmlpgjkhndffmipbeemgbbdihoeihg [2013-11-28]
CHR Extension: (Weebly - Website Builder) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2013-11-28]
CHR Extension: (Panda Poet) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf [2013-11-28]
CHR Extension: (ColorMandala) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbafebdejmcgpbfkppndjeajebpppnei [2013-11-28]
CHR Extension: (Gaia Online) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcejlakbncmhdpijmpdepcjfjodfeljj [2013-11-28]
CHR Extension: (Fun Switcher) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2013-11-28]
CHR Extension: (PiXditor - Photo Effects) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddfflkeppghppjmfikeachhdbmpjiacj [2014-09-29]
CHR Extension: (CasinoRPG - Poker, Slots, Tycoon, MMORPG) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfadcimibgpdemlpghdofndlapaiciel [2014-09-25]
CHR Extension: (rotoscope) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhimnnhmaanmanmmokfpijgambokcpni [2014-09-29]
CHR Extension: (PicMonkey Extension) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-11-28]
CHR Extension: (Denki Word Quest) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibnbdoaalhdbddheelckdbghjhgkahn [2014-09-25]
CHR Extension: (Word Search) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2013-11-28]
CHR Extension: (Free Casino Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnomkmpkegpcpakppphmmaphjeabjkcp [2014-09-25]
CHR Extension: (Sumo Paint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2013-11-28]
CHR Extension: (ClanShot - Social Image Gallery) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkonmnepckfdddbbmjbnmgjagehnjde [2014-09-29]
CHR Extension: (Mahjongg) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2013-11-28]
CHR Extension: (Cop the Lot) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgjbkonhellpgfomncmljjdjejbocnc [2013-11-28]
CHR Extension: (Best Entertainment Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efngbgpefbbmjdekcljbnpgdjaegljpn [2013-11-28]
CHR Extension: (500px) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2014-09-28]
CHR Extension: (King Solomons) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlombkifoagifleccjfpbhfbjibpkfj [2014-09-25]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2013-11-28]
CHR Extension: (Fairest of Them All) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\elakbdjgendoliaogejfmnhdjchdkboc [2013-11-28]
CHR Extension: (Krishna 3D) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\feadgpcllehmhnikijnojlfccolbllge [2013-11-28]
CHR Extension: (PicMonkey) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-09-28]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2013-11-28]
CHR Extension: (Avira Browser Safety) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-31]
CHR Extension: (C++ Tutorial) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkdcihamnidijdfmjeckahccaphlofi [2014-09-25]
CHR Extension: (Best Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekkkgddoohlaojggcdmihoeahbnlomf [2013-11-28]
CHR Extension: (Picadilo) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\geljjpapbfokifgnlnpdbiplebdhlein [2014-09-28]
CHR Extension: (Wallpaper Backgrounds - Free Wallpapers) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gggpfgbncdijopafhadglgjglomiaoba [2013-11-28]
CHR Extension: (Planetarium) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-11-28]
CHR Extension: (Autodesk 123D Catch) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmccldlkdbjakaebbpiojpfbambiphj [2013-11-28]
CHR Extension: (Heart) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnfkpbienbblndialjooaiaociigepn [2013-11-28]
CHR Extension: (Save to Google Drive) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-09-25]
CHR Extension: (Free Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-09-25]
CHR Extension: (ImageBot Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngdfkmfhlbimnaglgofeloikojnnaka [2013-11-28]
CHR Extension: (Hippo Paint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocgkkkalgjbolohhjmbekcemffhijbf [2013-11-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-11-28]
CHR Extension: (FabCam) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2013-11-28]
CHR Extension: (Atavi bookmarks) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfephclnnkjfkfnmmcjampphpfgijgae [2014-09-25]
CHR Extension: (The Elementals) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2013-11-28]
CHR Extension: (Leprechaun's Luck) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhgkfjhkjijkebohallibampichdppc [2013-11-28]
CHR Extension: (Vimeo Couch Mode) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2014-09-25]
CHR Extension: (Mystery Case Files: Madame Fate ®) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjhpnaodhjkfpbhmjjakbngblomampb [2013-11-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-26]
CHR Extension: (Wild Gambler) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmkmbgbgljpggoifoncmahpbdpholjgo [2013-11-28]
CHR Extension: (Quotes Book) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfjeadhjbcepmknoanimdbemlobmlpe [2014-09-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-11-29]
CHR Extension: (Pixlr Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2013-11-28]
CHR Extension: (RealPlayer Downloader) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-30]
CHR Extension: (Lunapic Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2013-11-28]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2013-11-28]
CHR Extension: (Qbox - Wisdom of the Ages) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfnimbehfhlelledoaemompbeihbhfb [2013-11-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2013-11-28]
CHR Extension: (Memrise) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanemchpnjhopmgcmmjhjcniogmoooc [2013-11-28]
CHR Extension: (Fish Tales 2) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaghkmcgmmageapicnkmimibjenkldkc [2013-11-28]
CHR Extension: (Cut the Rope) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-09-25]
CHR Extension: (Psykogif) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjoklgdmjnffhmmllncmleongbhpdok [2014-01-01]
CHR Extension: (Lucky Free Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklflojhcplaifoheemkildbmcjfhlij [2013-11-28]
CHR Extension: (Pixlr Touch Up) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-09-28]
CHR Extension: (Alice's Wonderland) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdhgjjadoofeaeajlpanbfgigchpgph [2013-11-28]
CHR Extension: (MakeGIF) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiibohfpiojejdooomkpmhhilobdkkle [2014-09-29]
CHR Extension: (Sand 2) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn [2013-11-28]
CHR Extension: (Little Alchemy) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-11-28]
CHR Extension: (Until AM Web App) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-11-28]
CHR Extension: (Rango: The WORLD) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladlgddeghalkmimaamlhbfaglfcdiep [2013-11-28]
CHR Extension: (Picozu) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajpehananomepaahgohcnmgkgmkhogf [2013-11-28]
CHR Extension: (Pix: Pixel Mixer) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjiacdnbellpbhocabghholhnlboibg [2014-09-25]
CHR Extension: (Best Game Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcedphmnlpmkcmhmpejeoalaeljdogia [2013-11-28]
CHR Extension: (Webcam Toy) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-11-28]
CHR Extension: (Comic Webcam) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffhmndpldceogndeognocbpmlgdemi [2014-09-29]
CHR Extension: (Picasa Extension (by Google)) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp [2013-11-28]
CHR Extension: (Vegas World) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkfngbagahkfkhdkaelphbgkaalajhim [2014-09-25]
CHR Extension: (Hottest Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\maceojlogikadmomgoojfcgbbmnjggje [2013-11-28]
CHR Extension: (SMS Quotes) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\maipobjfmhedpebidmfcpajlegghgmpk [2014-09-28]
CHR Extension: (Madalin - Casino) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbiiphkhamhjhlefjichkpdjncmmokje [2013-11-28]
CHR Extension: (Pocket) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-09-25]
CHR Extension: (PixFiltre - Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebhanlkihgdilmhiaiaclanodcalglc [2014-09-29]
CHR Extension: (Drive) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-26]
CHR Extension: (TextNow) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjdngkmnogclafejjgbgjjegoaahihg [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Hover Zoom) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-26]
CHR Extension: (GIFPAL) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2013-11-28]
CHR Extension: (piZap Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2013-11-28]
CHR Extension: (Foto Rulez) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2014-09-29]
CHR Extension: (Picky Wallpapers) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2013-11-28]
CHR Extension: (Scribble - stickies on steroids) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\offpaifnchmpbnjhjbhpdffahlofdkfb [2013-11-28]
CHR Extension: (Picasa) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-09-25]
CHR Extension: (Bastion) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2013-11-28]
CHR Extension: (Rollip - Photo Effects) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2014-09-28]
CHR Extension: (Falling Sand Game) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo [2013-11-28]
CHR Extension: (Psykopaint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-11-28]
CHR Extension: (Harry Trotter) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnfmgchcbgfcjhefffockipipfofamid [2013-11-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 1999-12-31] (Realsil Microelectronics Inc.) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-21] (RealNetworks, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-01] (AVG Technologies)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2013-11-07] ()
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 cpuz134; \??\C:\Users\Owner-1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 17:47 - 2014-11-07 17:47 - 00005432 _____ () C:\Windows\PFRO.log
2014-11-07 17:47 - 2014-11-07 17:47 - 00000056 _____ () C:\Windows\setupact.log
2014-11-07 17:47 - 2014-11-07 17:47 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 15:57 - 2014-11-07 15:57 - 00000000 ____D () C:\ProgramData\Avg_Update_1114av
2014-11-06 13:42 - 2014-11-06 13:42 - 02347384 _____ (ESET) C:\Users\Owner-1\Desktop\esetsmartinstaller_enu(1).exe
2014-11-04 20:51 - 2014-11-04 20:51 - 00000000 ____D () C:\Users\Owner-1\Desktop\tc new
2014-11-02 10:52 - 2014-11-02 10:52 - 00003558 _____ () C:\Windows\System32\Tasks\ShouldIRemoveIt_Notifications
2014-11-02 10:39 - 2014-11-02 10:39 - 00000000 _____ () C:\Users\Owner-1\Desktop\New Text Document.txt
2014-11-02 10:36 - 2014-11-06 20:33 - 00000000 ____D () C:\Users\Owner-1\Desktop\ESET
2014-11-02 03:39 - 2014-11-02 03:39 - 05378880 _____ (Reason Software Company Inc.) C:\Users\Owner-1\Desktop\boost.exe
2014-11-02 01:09 - 2014-11-02 01:09 - 02347384 _____ (ESET) C:\Users\Owner-1\Desktop\esetsmartinstaller_enu.exe
2014-11-02 01:07 - 2014-11-02 01:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-02 00:54 - 2014-11-02 00:54 - 00002964 _____ () C:\Windows\System32\Tasks\{77D135DD-1198-4F4F-B9AC-E541D875F73D}
2014-11-02 00:54 - 2014-11-02 00:54 - 00002964 _____ () C:\Windows\System32\Tasks\{60834D3D-7C0F-4A2E-AF58-692FDE8AF648}
2014-11-01 23:47 - 2014-11-01 23:47 - 00001050 _____ () C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2014-11-01 07:46 - 2014-11-01 07:46 - 00157292 _____ () C:\Users\Owner-1\Desktop\Shortcut.txt
2014-11-01 07:41 - 2014-11-07 15:59 - 00000000 ____D () C:\Users\Owner-1\Desktop\FRST-OlderVersion
2014-11-01 05:24 - 2014-11-01 05:24 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-11-01 04:28 - 2014-11-01 05:09 - 00000000 ____D () C:\Users\Owner-1\Documents\for levi
2014-11-01 00:49 - 2014-11-01 00:50 - 00002095 _____ () C:\Users\Owner-1\Desktop\Autodesk Pixlr.lnk
2014-11-01 00:25 - 2014-11-01 08:04 - 00001086 _____ () C:\Users\Public\Desktop\Pixlr .lnk
2014-11-01 00:25 - 2014-11-01 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-11-01 00:25 - 2014-11-01 00:25 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2014-10-29 12:35 - 2014-10-29 12:47 - 00000000 ____D () C:\Users\Owner-1\Documents\Youcam
2014-10-28 15:20 - 2014-10-28 15:20 - 00004722 _____ () C:\Users\Owner-1\Desktop\JRT.txt
2014-10-28 15:12 - 2014-10-28 15:12 - 00000000 ____D () C:\Windows\ERUNT
2014-10-28 13:37 - 2014-10-28 13:37 - 01998336 _____ () C:\Users\Owner-1\Desktop\adwcleaner_4.002.exe
2014-10-28 13:36 - 2014-10-28 13:36 - 01706144 _____ (Thisisu) C:\Users\Owner-1\Desktop\JRT.exe
2014-10-25 12:36 - 2014-10-28 14:49 - 00000000 ____D () C:\AdwCleaner
2014-10-23 16:47 - 2014-10-23 16:47 - 00001242 _____ () C:\Users\Owner-1\Desktop\Paint.lnk
2014-10-22 14:34 - 2014-10-22 14:41 - 00000000 ____D () C:\Users\Owner-1\Desktop\runassystem
2014-10-22 14:26 - 2014-10-22 14:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DPLACE-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-22 14:24 - 2014-10-22 14:24 - 00000000 ____D () C:\RegBackup
2014-10-22 14:23 - 2014-10-22 14:23 - 00002195 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-22 14:23 - 2014-10-22 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-22 14:23 - 2014-10-22 14:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-22 14:19 - 2014-10-22 14:19 - 04215584 _____ () C:\Users\Owner-1\Desktop\tweaking.com_registry_backup_setup.exe
2014-10-20 15:19 - 2014-10-20 15:19 - 00008424 _____ () C:\Users\Owner-1\Desktop\Vinking AntiVirus Security Warning.htm
2014-10-20 15:19 - 2014-10-20 15:19 - 00000000 ____D () C:\Users\Owner-1\Desktop\Vinking AntiVirus Security Warning_files
2014-10-18 11:38 - 2014-10-18 11:38 - 00002761 _____ () C:\Users\Owner-1\Desktop\FSS.txt
2014-10-18 11:36 - 2014-10-18 11:36 - 00415232 _____ (Farbar) C:\Users\Owner-1\Desktop\FSS.exe
2014-10-17 19:52 - 2014-11-01 07:46 - 00036668 _____ () C:\Users\Owner-1\Desktop\Addition.txt
2014-10-17 19:49 - 2014-11-07 17:53 - 00031812 _____ () C:\Users\Owner-1\Desktop\FRST.txt
2014-10-17 19:49 - 2014-11-07 17:51 - 00000000 ____D () C:\FRST
2014-10-17 19:47 - 2014-11-07 15:59 - 02114560 _____ (Farbar) C:\Users\Owner-1\Desktop\FRST64.exe
2014-10-17 19:45 - 2014-10-17 19:45 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Avg2015
2014-10-17 18:46 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 18:46 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 18:46 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 18:46 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 18:46 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 18:46 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 18:46 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 18:46 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 18:46 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 18:46 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 18:46 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 18:46 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 18:46 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 18:46 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 18:46 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 18:46 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 18:46 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 18:46 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 18:46 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 18:46 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 18:46 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 18:46 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 18:46 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 18:46 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 18:46 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 18:46 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 18:46 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 18:45 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 18:45 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 18:45 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 18:45 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 18:45 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 18:45 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 18:45 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 18:45 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 18:45 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 18:45 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 18:45 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 18:45 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 18:45 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 18:45 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 18:45 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 18:45 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 18:45 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 18:45 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 18:45 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 18:45 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 18:45 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 18:45 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 18:45 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 18:45 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 18:45 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 18:45 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 18:45 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 18:45 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 18:45 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 18:45 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 18:45 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 18:45 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 18:45 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 18:45 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 18:45 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 18:45 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 18:45 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 18:45 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 18:45 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 18:45 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 18:45 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 18:43 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 18:43 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 18:43 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 18:43 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 18:43 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 18:43 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 18:43 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 18:41 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 18:41 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 18:40 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 18:40 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 18:40 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 18:40 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 18:39 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 18:39 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 18:39 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 18:39 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 18:39 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 18:39 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 18:39 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 18:39 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 18:39 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 18:39 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 18:39 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 18:39 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 18:39 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 18:39 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 18:39 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 18:39 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 04:02 - 2014-10-12 04:18 - 00079182 _____ () C:\Users\Owner-1\Desktop\Extras.Txt
2014-10-12 04:00 - 2014-10-12 04:00 - 00120358 _____ () C:\Users\Owner-1\Desktop\OTL.Txt
2014-10-12 03:39 - 2014-10-12 03:39 - 00602112 _____ (OldTimer Tools) C:\Users\Owner-1\Desktop\OTL.exe
2014-10-12 03:19 - 2014-10-12 03:19 - 00008847 _____ () C:\Users\Owner-1\Documents\newlist.txt
2014-10-11 14:34 - 2014-10-11 14:34 - 00000000 ____D () C:\ProgramData\.mono
2014-10-10 10:44 - 2014-10-10 10:44 - 12200491 _____ () C:\Users\Owner-1\Desktop\attachments.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 17:53 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 17:51 - 2011-12-17 00:42 - 01708176 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 17:47 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 17:43 - 2014-06-03 12:00 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
2014-11-07 17:36 - 2014-09-07 11:35 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-11-07 17:36 - 2014-08-23 23:33 - 00000000 ____D () C:\Users\Owner-1\Documents\New folder
2014-11-07 17:36 - 2013-12-22 23:14 - 00000000 ____D () C:\Users\Owner-1\Games
2014-11-07 17:29 - 2013-11-29 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-07 17:27 - 2013-11-13 19:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 17:24 - 2013-04-27 00:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 16:00 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 16:00 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 15:58 - 2014-08-30 05:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-07 15:55 - 2014-06-21 08:40 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1005
2014-11-06 18:37 - 2014-01-06 00:32 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
2014-11-05 12:43 - 2014-06-03 12:00 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
2014-11-05 00:37 - 2014-01-06 00:32 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
2014-11-04 23:06 - 2013-11-25 12:39 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner-1
2014-11-04 23:06 - 2013-11-25 12:39 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner-1.job
2014-11-03 05:07 - 2014-09-02 20:34 - 00000000 ____D () C:\Users\Owner-1\Documents\My Kindle Content
2014-11-03 02:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-11-03 01:21 - 2013-11-13 19:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 18:04 - 2013-12-08 13:49 - 00003150 _____ () C:\Windows\System32\Tasks\MirageAgent
2014-11-02 18:03 - 2013-11-13 19:34 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-02 05:22 - 2014-08-14 04:05 - 00000000 ____D () C:\Users\Owner-1\Downloads\Animated Screensaver Maker 3.1.0
2014-11-01 23:47 - 2014-05-21 06:55 - 00003590 _____ () C:\Windows\System32\Tasks\Maxthon Update
2014-11-01 08:20 - 2014-08-29 01:36 - 00001174 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-01 08:14 - 2014-08-29 01:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 08:14 - 2013-12-01 17:02 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\CrashDumps
2014-11-01 05:24 - 2013-11-19 14:31 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Google
2014-11-01 02:11 - 2014-09-29 08:14 - 00000000 ____D () C:\Users\Owner-1\Desktop\New folder
2014-10-29 05:00 - 2009-07-13 21:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 13:48 - 2013-04-26 23:28 - 00001021 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-28 10:40 - 2014-09-28 23:27 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 16:44 - 2013-11-26 21:36 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Mozilla
2014-10-22 14:22 - 2013-11-13 19:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 11:49 - 2014-08-27 10:59 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\BitTorrent
2014-10-18 11:38 - 2014-06-03 12:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA
2014-10-18 11:38 - 2014-06-03 12:00 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core
2014-10-17 19:36 - 2009-07-13 20:45 - 00430568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 19:21 - 2013-08-01 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 19:02 - 2013-05-01 22:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 03:26 - 2013-12-05 05:07 - 00000000 ___RD () C:\Users\Owner-1\Dropbox
2014-10-11 23:41 - 2013-11-16 17:57 - 00000000 ____D () C:\Users\Owner-1
2014-10-10 19:44 - 2014-02-07 18:25 - 00000000 ____D () C:\Users\Owner-1\Desktop\My Shared Folder

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 18:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Owner-1 at 2014-11-07 17:55:18
Running from C:\Users\Owner-1\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Any Video Converter 5.6.4 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Ares 2.2.7 (HKLM-x32\...\Ares) (Version: 2.2.7-Build#3051 - Seekar Ltd)
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.3.0 - Autodesk)
Autodesk Pixlr (x32 Version: 1.0.3.0 - Autodesk) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4189 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.15 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - )
Blio (HKLM-x32\...\{0361F83A-9DFC-483F-BC9E-7A73170612EA}) (Version: 3.3.9721 - K-NFB Reading Technology, Inc.)
Boost (HKCU\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.)
Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden
Broken Age (HKLM-x32\...\Broken Age_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragonboard 0.9 (HKLM-x32\...\Dragonboard_is1) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DVDFab 9.1.5.9 (25/07/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version: - Fengtao Software Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
grillaprice (HKLM-x32\...\grillaprice) (Version: - )
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6466.0 - IDT)
Jewel Quest Mysteries 4 – The Oracle of Ur Collector’s Edition (HKLM-x32\...\{4B61EB17-1D01-49CA-A802-7DDB8E8C2960}_is1) (Version: - FRGames)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kabloom (HKLM-x32\...\Kabloom_is1) (Version: - DigiPen (USA) Corp.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.2.2000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Research Cliplets (HKLM\...\{A4DA1935-2F04-4AFF-BE48-085CCC7BD0CB}) (Version: 1.1.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystic Palace Slots HD (HKLM-x32\...\{0B8F985B-260F-465A-B4C7-2C68F1DED218}_is1) (Version: - FRGames)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Photosynth 2.0114.0807.1507 (HKLM-x32\...\{7799F944-C219-4F7B-8A41-8B8F38DA4D69}) (Version: 3.0114.0807.1507 - Microsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Web Albums Live Publisher (HKLM-x32\...\{5B7F33B3-C72C-4408-8AF9-B855775F51DB}) (Version: 2.4.0 - PicasaWebPublisher)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version: - Daum Communications Corp.)
Publish to Photo Frame (HKLM-x32\...\{AD30EBFD-3F8A-491F-8C42-90BD51D7A2B9}) (Version: 1.0.1.0 - Roger Lipscombe)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Runeshift (HKLM-x32\...\Runeshift_is1) (Version: - DigiPen Institute of Technology)
Scanner Mouse (HKLM-x32\...\{5BFED7F5-6423-49AC-82C4-A4648347AC0B}) (Version: 1.7.1 - Dacuda)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Unfolding Tale 1.0 (HKLM-x32\...\{C6B7023C-2EE6-45A4-9670-4549D9829DD0}_is1) (Version: - DigiPen Institute of Technology)
Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Screensaver 1.0 (HKLM-x32\...\Video Screensaver) (Version: 1.0 - rodflash.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - %HP% (HKLM\...\D8A96622E135715AED5E5B6001904E8687BD9996) (Version: - %HP%)
Windows Driver Package - KEYLOK (usbkey) USB (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Driver Package - Microcomputer Applications, Inc. (usbkey) USB (06/10/2010 32.0.0.0) (HKLM\...\A3870D6BEDDC4A8FF6622FE720C457528EFAA4F3) (Version: 06/10/2010 32.0.0.0 - Microcomputer Applications, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WMS Slots – Jungle Wild (HKLM-x32\...\{25F3B08A-F579-40E8-A8D8-42D7AFD93F18}_is1) (Version: - FRGames)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

25-09-2014 10:00:36 Windows Update
29-09-2014 11:52:20 Removed SpyHunter
29-09-2014 14:36:33 Installed Photosynth 2.0114.0807.1507
01-10-2014 12:21:13 Windows Update
02-10-2014 10:00:24 Windows Update
18-10-2014 03:01:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-09-15 16:17 - 2014-09-15 16:17 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00AA0A06-BAEF-463E-96F6-53B56CD3473A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-06] (Facebook Inc.)
Task: {0965CFEF-3D79-4871-9955-98775C3AB2C5} - System32\Tasks\HPCeeScheduleForOwner-1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {09D4AB3B-6963-4149-B965-807FB22C1E51} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {20E8DD6B-05F3-4CA5-ABA5-11C9DB6595BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {4BE397D8-DE03-4ACA-AB32-0AA58EA4A8FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {4D4FC430-FBD7-4CB5-BA1A-C4207460695B} - System32\Tasks\Boost => C:\Users\Owner-1\AppData\Roaming\Reason\Boost\boost.exe [2013-11-22] (Reason Software Company Inc.)
Task: {5B5E5C6B-01D4-4474-B251-9095C6E5BADA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-06] (Facebook Inc.)
Task: {611C38DE-97FF-49D4-A9B3-014C23B446FF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {67563A5F-B8E1-4EC0-9A11-4E06F45E2861} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-25] (CyberLink)
Task: {6967B603-BB21-4D09-A0C6-531FFF109B10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {7993C8AC-4D96-4B41-AA9B-9A93722F817C} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {8270CCE5-FFBF-42B4-951C-0236347F62DF} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe [2014-09-10] (Maxthon International ltd.)
Task: {8D901B83-99E7-445F-A4FC-AA4A363DCD00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {98F36AF1-1521-4480-A1C8-029BE73373AD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1864448044-3865198937-871872176-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A3FE437A-04E8-4EAC-BBD4-91412668C9A2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A9B162E8-7334-4507-889D-02A48EA70D6E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1864448044-3865198937-871872176-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {AA56A0A1-1607-4C53-906B-EDF4C01202AC} - System32\Tasks\ShouldIRemoveIt => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-12-09] (Reason Software Company Inc.)
Task: {B10A56D0-D5AF-453A-9F73-107707E63C56} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1864448044-3865198937-871872176-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {B4F67FF7-7B79-4AA4-B0B2-2D959B2FA535} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {BB92E39A-CAED-48B3-AC51-1C462331E487} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {D21317B6-B1A4-4B17-8B96-660100BA7DD2} - System32\Tasks\ShouldIRemoveIt_Notifications => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-12-09] (Reason Software Company Inc.)
Task: {D31761B2-D73B-43D5-884E-8B2F62BD91A4} - System32\Tasks\{77D135DD-1198-4F4F-B9AC-E541D875F73D} => C:\Users\Public\Desktop\Maxthon Cloud Browser.exe
Task: {E9E9698E-D767-4CD5-8F93-8B117099A399} - System32\Tasks\{60834D3D-7C0F-4A2E-AF58-692FDE8AF648} => C:\Users\Public\Desktop\Maxthon Cloud Browser.exe
Task: {F88EF904-D938-4F00-A37C-1EC7A5247F44} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner-1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ShouldIRemoveIt.job => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 3

========================= Accounts: ==========================

Administrator (S-1-5-21-1864448044-3865198937-871872176-500 - Administrator - Disabled)
Guest (S-1-5-21-1864448044-3865198937-871872176-501 - Limited - Enabled) => C:\Users\Guest
Owner-1 (S-1-5-21-1864448044-3865198937-871872176-1005 - Administrator - Enabled) => C:\Users\Owner-1

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2014 05:48:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/07/2014 05:48:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/07/2014 05:48:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/07/2014 05:48:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/07/2014 05:48:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 05:48:02 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (11/07/2014 04:02:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 4.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13f8

Start Time: 01cffae6dbd58fd7

Termination Time: 0

Application Path: C:\Users\Owner-1\Desktop\FRST64.exe

Report Id: 58c5dae5-66da-11e4-afb7-ec9a74573b2c

Error: (11/07/2014 03:53:18 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (11/07/2014 03:53:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 06:19:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (11/07/2014 05:54:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:54:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:54:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:49:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:49:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:49:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:48:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:48:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:48:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (11/07/2014 05:47:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (11/07/2014 05:48:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (11/07/2014 05:48:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe

Error: (11/07/2014 05:48:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner-1\Desktop\esetsmartinstaller_enu.exe

Error: (11/07/2014 05:48:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner-1\Desktop\esetsmartinstaller_enu(1).exe

Error: (11/07/2014 05:48:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 05:48:02 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (11/07/2014 04:02:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe4.11.2014.013f801cffae6dbd58fd70C:\Users\Owner-1\Desktop\FRST64.exe58c5dae5-66da-11e4-afb7-ec9a74573b2c

Error: (11/07/2014 03:53:18 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (11/07/2014 03:53:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/06/2014 06:19:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{20C2051A-1ACA-48B4-9BA5-24625DCBD880}\recordingmanager.exe


==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 3561.41 MB
Available physical RAM: 2051.95 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 5741.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.65 GB) (Free:82.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.95 GB) (Free:15.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 895A24CC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

#69
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Slimware is not bad, per se, but the downloads had some adware ToolBars in them.  The program files are fine (as far as I can tell). 

 

Thank you for the logs; I will give them the thrice over and get back to you this evening.



#70
devasativa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I am careful with CNET or other program installs to decline all but the program I wanted to acquire. Stupid gorilla price was a regrettable exception; I accidentally OK'd it and there was no back button to decline. What a pain that was! Also, I am hating AVG Free. I used to have the old 6.0 and loved it, but this version continually nags to get the upgrade, so I want to get rid of it. Also, when I can restore my mbam, I want something compatible. What do you know of Comodo? Or can you suggest a good free program? I could always revert to Windows Defender?


#71
devasativa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Still awaiting your next instruction. How are the logs, and AV suggestions?

#72
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
I'm sorry; I am awaiting my instructor and had hoped they would answer by now but I know they will by morning (my time; Pacific Time zone). The logs looked fine to me and we will discuss AV at that time also. Thanks for hanging in there with me; sorry it has been so rough here.

#73
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
Alrighty now!! It has been a long time coming but I will say that the logs look clean and we need to remove our tools.

First, please uninstall ESET Online Scanner.

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

ESET Online Scanner v3

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Second, please run DelFix to remove the other tools.

We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.
Once you have the log file saved, please reboot your system to complete the clean up process.

#74
devasativa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
# DelFix v10.8 - Logfile created 10/11/2014 at 19:02:10
# Updated 29/07/2014 by Xplode
# Username : Owner-1 - DPLACE
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner-1\Desktop\FRST-OlderVersion
Deleted : C:\Users\Owner-1\Desktop\mbar
Deleted : C:\Users\Owner-1\Desktop\Addition.txt
Deleted : C:\Users\Owner-1\Desktop\adwcleaner_4.002.exe
Deleted : C:\Users\Owner-1\Desktop\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\Owner-1\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Owner-1\Desktop\Extras.Txt
Deleted : C:\Users\Owner-1\Desktop\Fixlog.txt
Deleted : C:\Users\Owner-1\Desktop\FRST.txt
Deleted : C:\Users\Owner-1\Desktop\FRST64.exe
Deleted : C:\Users\Owner-1\Desktop\FSS.exe
Deleted : C:\Users\Owner-1\Desktop\FSS.txt
Deleted : C:\Users\Owner-1\Desktop\JRT.exe
Deleted : C:\Users\Owner-1\Desktop\JRT.txt
Deleted : C:\Users\Owner-1\Desktop\OTL.Txt
Deleted : C:\Users\Owner-1\Desktop\OTL.exe
Deleted : C:\Users\Owner-1\Desktop\Shortcut.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #181 [Windows Update | 09/25/2014 10:00:36]
Deleted : RP #182 [Removed SpyHunter | 09/29/2014 11:52:20]
Deleted : RP #183 [Installed Photosynth 2.0114.0807.1507 | 09/29/2014 14:36:33]
Deleted : RP #184 [Windows Update | 10/01/2014 12:21:13]
Deleted : RP #185 [Windows Update | 10/02/2014 10:00:24]
Deleted : RP #186 [Windows Update | 10/18/2014 03:01:05]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

#75
devasativa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
OK, thank you. A couple of questions. Gorilla price? Malwarebytes? AV?