
Chrome.exe taking up copious amounts of bandwidth [Solved]

Chrome.exe IdleCrawler

  • This topic is locked

#1
cooperjb12

    New Member

  • Member
  • 5 posts

So this is an issue I have seen on here before, but I am not sure how to tackle it myself. I recently uninstalled Google Chrome as it had become quite the resource hog, but just today I noticed that it was taking up ridiculous amounts of my CPU usage and network usage. Windows Resource Monitor identifies it as Chromium in the description. In this topic it is also covered; his issues are the exact same as mine.




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start -

 

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
    Only one of them will run on your system; that will be the right version.
2. Right-click on the file and select Run as administrator (if you don't have this option, simply double-click the file to open it). When the tool opens, click Yes to the disclaimer.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop).
5. Please copy and paste the log back here.
6. The first time the tool is run, it generates another log (Addition.txt, also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 

 



#3
cooperjb12

    New Member

  • Topic Starter
  • Member
  • 5 posts

Here's the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Cooper (administrator) on COOPER-PC on 18-10-2014 17:09:44
Running from C:\Users\Cooper\Desktop
Loaded Profile: Cooper (Available profiles: Cooper)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Spotify Ltd) C:\Users\Cooper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-08-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\...\Run: [Spotify] => C:\Users\Cooper\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-02] (Spotify Ltd)
HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\...\Run: [Spotify Web Helper] => C:\Users\Cooper\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-02] (Spotify Ltd)
HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-10-17] (Raptr, Inc)
HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\...\MountPoints2: {a7c65601-1aa6-11e4-ada8-806e6f6e6963} - explorer index.html

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Cooper\AppData\Roaming\Mozilla\Firefox\Profiles\qppva13e.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.11.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

Chrome:
=======
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-30] (Broadcom Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 17:09 - 2014-10-18 17:10 - 00009950 _____ () C:\Users\Cooper\Desktop\FRST.txt
2014-10-18 17:09 - 2014-10-18 17:09 - 00000000 ____D () C:\FRST
2014-10-18 17:08 - 2014-10-18 17:09 - 02112000 _____ (Farbar) C:\Users\Cooper\Desktop\FRST64.exe
2014-10-18 16:50 - 2014-10-18 16:50 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 920153.crdownload
2014-10-18 16:49 - 2014-10-18 16:49 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 486728.crdownload
2014-10-18 16:49 - 2014-10-18 16:49 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 257049.crdownload
2014-10-18 16:48 - 2014-10-18 16:48 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 663561.crdownload
2014-10-18 16:47 - 2014-10-18 16:47 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 919286.crdownload
2014-10-18 16:46 - 2014-10-18 16:46 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 648726.crdownload
2014-10-18 16:03 - 2014-10-18 16:03 - 00000000 ____D () C:\_OTL
2014-10-18 15:40 - 2014-10-18 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Cooper\Downloads\OTL.exe
2014-10-18 15:36 - 2014-10-18 15:36 - 01976320 _____ () C:\Users\Cooper\Downloads\AdwCleaner.exe
2014-10-18 15:29 - 2014-10-18 15:36 - 00347804 _____ (BetOnSoft N.V.) C:\Users\Cooper\Downloads\Unconfirmed 804211.crdownload
2014-10-18 14:58 - 2014-10-18 14:58 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 331003.crdownload
2014-10-18 14:56 - 2014-10-18 14:56 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 794099.crdownload
2014-10-18 14:55 - 2014-10-18 14:55 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 869326.crdownload
2014-10-18 00:05 - 2014-10-18 00:05 - 00780288 _____ ( ) C:\Users\Cooper\Downloads\Unconfirmed 976717.crdownload
2014-10-18 00:03 - 2014-10-18 00:03 - 00844992 _____ () C:\Users\Cooper\Downloads\Unconfirmed 741174.crdownload
2014-10-18 00:03 - 2014-10-18 00:03 - 00844992 _____ () C:\Users\Cooper\Downloads\Unconfirmed 44352.crdownload
2014-10-18 00:02 - 2014-10-18 00:02 - 00941400 _____ (Download Assistant ) C:\Users\Cooper\Downloads\Unconfirmed 194813.crdownload
2014-10-18 00:01 - 2014-10-18 00:01 - 00780288 _____ ( ) C:\Users\Cooper\Downloads\Unconfirmed 63687.crdownload
2014-10-18 00:00 - 2014-10-18 00:00 - 00844992 _____ () C:\Users\Cooper\Downloads\Unconfirmed 581806.crdownload
2014-10-17 23:26 - 2014-10-17 23:26 - 00780288 _____ ( ) C:\Users\Cooper\Downloads\Unconfirmed 889828.crdownload
2014-10-17 22:26 - 2014-10-17 22:26 - 00941416 _____ (Download Assistant ) C:\Users\Cooper\Downloads\Unconfirmed 53063.crdownload
2014-10-17 21:59 - 2014-10-17 22:00 - 00000000 ____D () C:\Users\Cooper\Desktop\OriginalProjectGreenfoot
2014-10-16 22:35 - 2014-10-16 22:35 - 00000000 ____D () C:\Users\Cooper\Downloads\CS_GO Wallpapers - Imgur
2014-10-16 22:35 - 2014-10-16 22:35 - 00000000 ____D () C:\Users\Cooper\Desktop\CS_GO Wallpapers - Imgur
2014-10-16 22:34 - 2014-10-16 22:35 - 12590015 _____ () C:\Users\Cooper\Downloads\CS_GO Wallpapers - Imgur.zip
2014-10-16 19:00 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 19:00 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 19:00 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 19:00 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 19:00 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 19:00 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 19:00 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 19:00 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 19:00 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 19:00 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 19:00 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 19:00 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 19:00 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 19:00 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 19:00 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 19:00 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 19:00 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 19:00 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 19:00 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 19:00 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 19:00 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 19:00 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 19:00 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 19:00 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 19:00 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 19:00 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 19:00 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 19:00 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 19:00 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 19:00 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 19:00 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 19:00 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 19:00 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 19:00 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 19:00 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 19:00 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 19:00 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 19:00 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 19:00 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 19:00 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 19:00 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 19:00 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 19:00 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 19:00 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 19:00 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 19:00 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 19:00 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 19:00 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 19:00 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 19:00 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 19:00 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 19:00 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 19:00 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 19:00 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 19:00 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 19:00 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 19:00 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 19:00 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 19:00 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 19:00 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 19:00 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 19:00 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 19:00 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 18:57 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 18:57 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 18:57 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 18:57 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 18:57 - 2014-07-16 22:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 18:57 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 18:57 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 18:57 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 18:57 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 18:57 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 18:57 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 18:57 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 18:57 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 18:57 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 18:57 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 21:24 - 2014-10-14 21:25 - 08865324 _____ () C:\Users\Cooper\Downloads\goodgame_poker_press.zip
2014-10-14 21:22 - 2014-10-14 21:22 - 04163596 _____ () C:\Users\Cooper\Downloads\goodgame_gangster_press.zip
2014-10-12 22:10 - 2014-10-12 22:10 - 00421608 _____ () C:\Users\Cooper\Downloads\6DEA.tmp
2014-10-10 22:37 - 2014-10-10 22:38 - 00001775 _____ () C:\Users\Cooper\Downloads\PizzaProgram.java
2014-10-10 22:37 - 2014-10-10 22:37 - 00001752 _____ () C:\Users\Cooper\Downloads\PizzaProgram.java~
2014-10-10 18:37 - 2014-10-10 18:37 - 00007596 _____ () C:\Users\Cooper\Documents\cc_20141010_183735.reg
2014-10-09 18:34 - 2014-10-09 18:34 - 00058352 _____ () C:\Users\Cooper\Downloads\Java Programs.zip
2014-10-08 21:47 - 2014-10-08 21:47 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\Macromedia
2014-10-08 21:47 - 2014-10-08 21:47 - 00000000 ____D () C:\Users\Cooper\AppData\Local\Macromedia
2014-10-08 21:30 - 2014-10-18 16:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-08 21:30 - 2014-10-08 21:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-08 21:30 - 2014-10-08 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-08 21:30 - 2014-10-08 21:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-08 21:30 - 2014-10-08 21:30 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-08 21:30 - 2014-10-08 21:30 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-08 21:29 - 2014-10-08 21:47 - 00000000 ____D () C:\Users\Cooper\AppData\Local\Adobe
2014-10-08 20:53 - 2014-10-08 20:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-08 20:53 - 2014-10-08 20:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-08 20:53 - 2014-10-08 20:53 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\Mozilla
2014-10-08 20:53 - 2014-10-08 20:53 - 00000000 ____D () C:\Users\Cooper\AppData\Local\Mozilla
2014-10-08 20:53 - 2014-10-08 20:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-08 20:53 - 2014-10-08 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-08 20:53 - 2014-10-08 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-06 17:38 - 2014-10-06 17:38 - 00001185 _____ () C:\Users\Cooper\Downloads\JFrameTemplate.java.zip
2014-10-06 17:38 - 2014-10-06 17:38 - 00000000 ____D () C:\Users\Cooper\Downloads\JFrameTemplate.java
2014-10-05 10:54 - 2014-10-05 10:54 - 00000000 ____D () C:\Users\Cooper\Documents\Network Monitor 3
2014-10-05 10:53 - 2014-10-05 10:53 - 00001016 _____ () C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
2014-10-05 10:53 - 2014-10-05 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2014-10-05 10:53 - 2014-10-05 10:53 - 00000000 ____D () C:\Program Files\Microsoft Network Monitor 3
2014-10-04 12:30 - 2014-10-04 12:30 - 00155564 _____ () C:\Users\Cooper\Downloads\ReadyShare Connect Utility.zip
2014-10-04 12:30 - 2014-10-04 12:30 - 00000000 ____D () C:\Users\Cooper\Downloads\ReadyShare Connect Utility
2014-10-04 10:32 - 2014-10-04 10:32 - 00000000 ____D () C:\ProgramData\ATI
2014-10-04 10:30 - 2014-10-04 10:30 - 00061880 _____ () C:\Windows\SysWOW64\CCCInstall_201410041030102940.log
2014-10-04 10:30 - 2014-10-04 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-10-04 10:28 - 2014-10-04 10:28 - 00000000 ____D () C:\Program Files\AMD
2014-10-04 10:02 - 2014-10-04 10:14 - 286582040 _____ (AMD Inc.) C:\Users\Cooper\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-10-02 22:37 - 2014-10-02 22:37 - 00036948 _____ () C:\Users\Cooper\Downloads\Research on Java Swing Class Assignment.pptx.pptx
2014-10-02 22:35 - 2014-10-02 22:35 - 00502272 _____ () C:\Users\Cooper\Downloads\swing.ppt
2014-10-02 21:28 - 2014-10-02 21:28 - 00045348 _____ () C:\Users\Cooper\Downloads\User Interface Design Development Process and Principles Reflection.pptx.pptx
2014-10-02 20:57 - 2014-10-02 20:57 - 00017561 _____ () C:\Users\Cooper\Downloads\CrabWorld (1).zip
2014-10-02 20:57 - 2014-10-02 20:57 - 00000000 ____D () C:\Users\Cooper\Downloads\CrabWorld (1)
2014-10-02 20:39 - 2014-10-18 16:10 - 00000000 ____D () C:\AdwCleaner
2014-10-02 20:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-02 20:38 - 2014-10-02 20:39 - 01375089 _____ () C:\Users\Cooper\Downloads\adwcleaner_3.311.exe
2014-10-02 20:07 - 2014-10-02 20:07 - 00000000 ____D () C:\Users\Cooper\Downloads\project (1)
2014-10-02 20:06 - 2014-10-02 20:54 - 00000000 ____D () C:\Users\Cooper\Desktop\Finishing the Game
2014-10-02 20:05 - 2014-10-02 20:05 - 00000000 ____D () C:\Users\Cooper\Downloads\sounds
2014-10-02 20:05 - 2014-10-02 20:05 - 00000000 ____D () C:\Users\Cooper\Downloads\images
2014-10-02 19:50 - 2014-10-02 19:50 - 00001268 _____ () C:\Users\Cooper\Desktop\Continue Microsoft Toolkit 2.5.3.lnk
2014-10-02 19:49 - 2014-10-02 20:45 - 00000000 ____D () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r
2014-10-02 19:49 - 2014-10-02 19:49 - 00004644 _____ () C:\Windows\System32\Tasks\IC Running Procedure
2014-10-02 19:49 - 2014-10-02 19:49 - 00000000 __SHD () C:\Users\Cooper\AppData\Local\EmieUserList
2014-10-02 19:49 - 2014-10-02 19:49 - 00000000 __SHD () C:\Users\Cooper\AppData\Local\EmieSiteList
2014-10-02 19:45 - 2014-10-02 20:37 - 00000000 ____D () C:\Users\Cooper\AppData\Local\ospd_us_187
2014-10-02 19:45 - 2014-10-02 20:31 - 00000000 ____D () C:\Program Files (x86)\ospd_us_187
2014-10-02 19:42 - 2014-10-02 19:42 - 01256541 _____ () C:\Users\Cooper\Downloads\microsoft toolkit latest.exe
2014-09-29 21:26 - 2014-09-29 21:26 - 00000000 ____D () C:\Users\Cooper\AppData\Local\PAYDAY 2
2014-09-29 21:26 - 2014-09-29 21:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-29 21:26 - 2014-09-29 21:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-24 21:41 - 2014-10-02 22:40 - 00000000 ____D () C:\Users\Cooper\Desktop\IntProg
2014-09-24 21:31 - 2014-09-24 21:31 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\OpenOffice
2014-09-24 21:30 - 2014-09-24 21:30 - 00001188 _____ () C:\Users\Cooper\Desktop\OpenOffice 4.1.1.lnk
2014-09-24 21:30 - 2014-09-24 21:30 - 00000000 ___SD () C:\Users\Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-24 21:29 - 2014-09-24 21:30 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-24 21:28 - 2014-09-24 21:28 - 00000000 ____D () C:\Users\Cooper\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-24 21:18 - 2014-09-24 21:21 - 140852175 _____ () C:\Users\Cooper\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-24 21:15 - 2014-09-24 21:16 - 00000000 ____D () C:\Users\Cooper\Desktop\GreenfootAPI
2014-09-24 20:55 - 2014-09-24 20:55 - 00000000 ____D () C:\Users\Cooper\Downloads\CrabWorld
2014-09-24 20:48 - 2014-09-24 20:53 - 00000000 ____D () C:\Users\Cooper\Desktop\Greenfoot
2014-09-22 19:31 - 2014-09-22 19:31 - 00000000 ____D () C:\Users\Cooper\Downloads\Album EMesq - Imgur
2014-09-22 19:30 - 2014-09-22 19:30 - 01243125 _____ () C:\Users\Cooper\Downloads\Album EMesq - Imgur.zip
2014-09-19 15:12 - 2014-09-24 21:15 - 00000000 ____D () C:\Users\Cooper\greenfoot
2014-09-19 14:26 - 2014-09-19 14:26 - 00001937 _____ () C:\Users\Cooper\Desktop\Greenfoot.lnk
2014-09-19 14:26 - 2014-09-19 14:26 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenfoot
2014-09-19 14:25 - 2014-09-19 14:26 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-09-19 14:20 - 2014-09-19 14:23 - 154088735 _____ () C:\Users\Cooper\Downloads\Greenfoot-windows-240.msi
2014-09-19 14:20 - 2014-09-19 14:20 - 00064870 _____ () C:\Users\Cooper\Downloads\CrabWorld.zip
2014-09-18 00:59 - 2014-09-18 01:02 - 00000000 ____D () C:\Users\Cooper\Downloads\HLDJ FILES
2014-09-18 00:52 - 2014-09-18 00:52 - 01855815 _____ () C:\Users\Cooper\Downloads\hldj64_1.6.02.zip
2014-09-18 00:52 - 2014-09-18 00:52 - 00000000 ____D () C:\Users\Cooper\Downloads\hldj64_1.6.02

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 17:05 - 2014-08-13 20:17 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\Spotify
2014-10-18 17:05 - 2014-08-02 18:25 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\Raptr
2014-10-18 17:04 - 2014-08-12 17:36 - 00012147 _____ () C:\Windows\setupact.log
2014-10-18 16:37 - 2014-08-02 20:42 - 01395298 _____ () C:\Windows\WindowsUpdate.log
2014-10-18 16:37 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-18 16:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 16:29 - 2009-07-14 00:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 16:29 - 2009-07-14 00:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 16:26 - 2014-08-10 21:38 - 00007614 _____ () C:\Users\Cooper\AppData\Local\Resmon.ResmonCfg
2014-10-18 16:20 - 2014-09-05 17:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-18 16:11 - 2014-08-13 16:55 - 00264882 _____ () C:\Windows\PFRO.log
2014-10-17 16:21 - 2014-08-02 18:25 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-10-17 16:17 - 2009-07-14 00:45 - 00369816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 23:14 - 2014-08-11 18:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 23:10 - 2014-08-02 20:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 23:07 - 2014-08-02 20:13 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 22:49 - 2014-09-05 18:57 - 00062700 _____ () C:\Windows\DirectX.log
2014-10-14 16:15 - 2014-08-12 22:57 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 16:15 - 2014-08-02 19:24 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 16:15 - 2014-08-02 19:24 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 20:02 - 2014-09-05 16:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-13 20:02 - 2014-08-02 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-13 20:02 - 2014-08-02 19:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-13 20:02 - 2014-08-02 18:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 19:57 - 2014-08-13 20:18 - 00000000 ____D () C:\Users\Cooper\AppData\Local\Spotify
2014-10-12 21:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-10 22:54 - 2014-08-09 13:12 - 00000946 _____ () C:\Users\Cooper\.drjava
2014-10-10 22:54 - 2014-08-02 17:52 - 00000000 ____D () C:\Users\Cooper
2014-10-08 20:49 - 2014-08-02 18:16 - 00000000 ____D () C:\Users\Cooper\AppData\Local\Google
2014-10-04 11:29 - 2014-08-03 18:28 - 00000000 ____D () C:\Users\Cooper\AppData\Local\Popcorn-Time
2014-10-04 10:30 - 2014-08-02 18:23 - 00000000 ____D () C:\ProgramData\AMD
2014-10-04 10:21 - 2014-07-26 19:32 - 00000000 ____D () C:\AMD
2014-10-03 21:50 - 2014-09-05 16:58 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\.minecraft
2014-10-02 20:55 - 2014-08-15 16:49 - 00000000 ____D () C:\Users\Cooper\Desktop\Screengrabs
2014-09-25 16:50 - 2014-08-02 18:16 - 00092560 _____ () C:\Users\Cooper\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 23:01 - 2014-08-10 20:44 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\uTorrent
2014-09-23 19:09 - 2014-08-10 20:46 - 00000000 ____D () C:\Users\Cooper\Downloads\Torrents
2014-09-18 21:03 - 2014-09-05 17:21 - 00000000 ____D () C:\Users\Cooper\AppData\Roaming\TS3Client

Some content of TEMP:
====================
C:\Users\Cooper\AppData\Local\Temp\avgnt.exe
C:\Users\Cooper\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 22:09

==================== End Of Log ============================

Here's the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Cooper at 2014-10-18 17:10:46
Running from C:\Users\Cooper\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40915 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0915.1812.30937 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0915.1813.30937 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.5 - IObit)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.4.0 - Greenfoot Team)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Popcorn Time (HKLM-x32\...\Popcorn-Time) (Version: 0.3.2 - Popcorn Official)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1332800051-3721354863-2218191310-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1332800051-3721354863-2218191310-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1332800051-3721354863-2218191310-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1332800051-3721354863-2218191310-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1332800051-3721354863-2218191310-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1332800051-3721354863-2218191310-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

17-10-2014 02:44:40 Installed DirectX
17-10-2014 02:47:13 Installed DirectX
17-10-2014 03:07:23 Windows Update
18-10-2014 20:03:22 OTL Restore Point - 10/18/2014 4:03:18 PM
18-10-2014 20:26:56 OTL Restore Point - 10/18/2014 4:26:52 PM
18-10-2014 20:32:47 OTL Restore Point - 10/18/2014 4:32:40 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-10-18 16:33 - 2014-10-18 16:33 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {37D4B003-A9FA-4950-8E55-4BC282E2EB09} - System32\Tasks\Driver Booster SkipUAC (Cooper) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {3F476245-C116-4252-9B98-7A03F9B8FB31} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
Task: {677612BE-AE8C-4ACD-9735-08E812E2BB31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {69C6C5DF-E3C6-421F-8AFE-0FC7262E54BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-08] (Adobe Systems Incorporated)
Task: {FBE977C8-E515-4049-B3AB-9F03CC05C7F2} - System32\Tasks\IC Running Procedure => %LOCALAPPDATA%\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-15 18:13 - 2014-09-15 18:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-15 18:13 - 2014-09-15 18:13 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00133216 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
2014-09-15 18:13 - 2014-09-15 18:13 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00104032 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\ManXec.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00074848 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\CmdProc.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00048224 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\PrfIns.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00056928 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WbSes.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00146016 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WdcMan.dll
2014-09-23 13:06 - 2014-09-23 13:06 - 00121952 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\WblSupp.dll
2014-09-23 13:05 - 2014-09-23 13:05 - 00111200 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Modules\CmnUtls.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 18:56 - 2010-11-22 18:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 19:26 - 2014-05-13 19:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 18:57 - 2010-11-22 18:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 18:56 - 2010-11-22 18:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 20:05 - 2013-11-20 20:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 18:57 - 2010-11-22 18:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 20:56 - 2014-06-17 20:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 14:17 - 2011-02-15 14:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 19:06 - 2010-11-22 19:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 19:52 - 2013-05-09 19:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 14:56 - 2013-05-03 14:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 14:57 - 2013-05-03 14:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-10-08 20:53 - 2014-09-24 01:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-02 19:51 - 2014-07-21 05:38 - 00393728 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-10-02 19:51 - 2014-07-21 05:38 - 00788480 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\ffmpegsumo.dll
2014-10-02 19:51 - 2013-12-03 22:48 - 13586896 _____ () C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\Chrome-bin\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1332800051-3721354863-2218191310-500 - Administrator - Disabled)
Cooper (S-1-5-21-1332800051-3721354863-2218191310-1000 - Administrator - Enabled) => C:\Users\Cooper
Guest (S-1-5-21-1332800051-3721354863-2218191310-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 04:32:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 04:13:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 04:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: perfmon.exe, version: 6.1.7601.17514, time stamp: 0x4ce7972c
Faulting module name: RPCRT4.dll, version: 6.1.7601.18532, time stamp: 0x53c339ee
Exception code: 0xc0000005
Fault offset: 0x000000000003deb0
Faulting process id: 0x1280
Faulting application start time: 0xperfmon.exe0
Faulting application path: perfmon.exe1
Faulting module path: perfmon.exe2
Report Id: perfmon.exe3

Error: (10/18/2014 04:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: perfmon.exe, version: 6.1.7601.17514, time stamp: 0x4ce7972c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1280
Faulting application start time: 0xperfmon.exe0
Faulting application path: perfmon.exe1
Faulting module path: perfmon.exe2
Report Id: perfmon.exe3

Error: (10/18/2014 04:07:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 02:34:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2014 11:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 31.0.1650.63, time stamp: 0x53ccf06b
Faulting module name: chrome.dll, version: 31.0.1650.63, time stamp: 0x53ccea0a
Exception code: 0x80000003
Fault offset: 0x00021880
Faulting process id: 0x16c0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/17/2014 08:35:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2014 04:18:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 10:46:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program spotify.exe version 0.9.14.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 86c

Start Time: 01cfe9b485138f41

Termination Time: 23

Application Path: C:\Users\Cooper\AppData\Roaming\Spotify\spotify.exe

Report Id: ceac4eb3-55a7-11e4-a273-e03f49a5a367


System errors:
=============
Error: (10/18/2014 04:31:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/18/2014 04:31:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/18/2014 04:12:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/18/2014 04:06:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/18/2014 02:35:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/17/2014 08:34:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/16/2014 09:12:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/15/2014 04:17:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/14/2014 04:11:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/13/2014 10:41:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (10/18/2014 04:32:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 04:13:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 04:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfmon.exe6.1.7601.175144ce7972cRPCRT4.dll6.1.7601.1853253c339eec0000005000000000003deb0128001cfeb0f04073705C:\Windows\System32\perfmon.exeC:\Windows\system32\RPCRT4.dll5f3aff4d-5702-11e4-9def-e03f49a5a367

Error: (10/18/2014 04:07:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: perfmon.exe6.1.7601.175144ce7972cntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102128001cfeb0f04073705C:\Windows\System32\perfmon.exeC:\Windows\SYSTEM32\ntdll.dll5d21db6f-5702-11e4-9def-e03f49a5a367

Error: (10/18/2014 04:07:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2014 02:34:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2014 11:24:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe31.0.1650.6353ccf06bchrome.dll31.0.1650.6353ccea0a800000030002188016c001cfea8175f0bae1C:\Users\Cooper\AppData\Local\I-_D-_~1.-R\CHROME~1\chrome.exeC:\Users\Cooper\AppData\Local\I-_D-_~1.-R\CHROME~1\chrome.dll3aa616c0-5676-11e4-94d1-e03f49a5a367

Error: (10/17/2014 08:35:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2014 04:18:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2014 10:46:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotify.exe0.9.14.1386c01cfe9b485138f4123C:\Users\Cooper\AppData\Roaming\Spotify\spotify.execeac4eb3-55a7-11e4-a273-e03f49a5a367


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 41%
Total physical RAM: 8088.6 MB
Available physical RAM: 4704.45 MB
Total Pagefile: 16175.38 MB
Available Pagefile: 12408.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1680.42 GB) NTFS
Drive d: (Digital_LG) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B03925A4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4
BrianDrab


Step#1 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as shown below.

ComputerProperties.JPG

 

2. Click on the Advanced system settings link.

AdvancedSystemSettings.JPG

 

3. Click the System Protection tab and then click the Create button.

 

SystemProperties.JPG

 

4. You will be asked to provide a description. Please type G2G and click Create

 

SystemProtection.JPG

 

5. You will get a message telling you when it's complete. Click Close on the message.

 

 

Step#2 - Warnings
 

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

 

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine and I'll respect your decision. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): uTorrent

To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

CCleaner Warning
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.

 

 

Step#3 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

 

µTorrent (Optional)
Driver Booster (Optional) <-- The vendor (IOBit) is untrustworthy and deemed a rogue within the Anti-Malware community as a whole.

 

 

Step#4 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#5 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop. I see that you have downloaded this already; however, to ensure you have the latest version, please re-download.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#6 - Disable Windows Defender

To avoid conflicts with your Antivirus (Avira), please ensure Windows Defender is disabled. It's never good to have two AVs active at once. Instructions for doing this are here.

 

  

 

Items for your Next Post

1. FRST Fix log

2. AdwCleaner log

3. How's your machine doing?



#5
cooperjb12


My computer already seems better, my CPU fan isn't going nearly as loud anymore and Windows Resource Monitor isn't showing any network spikes anymore!

 

Also, do you have a PayPal or anything I can donate to? This fix has saved me so much time and trouble and I really don't know how to thank you other than money!

 

FRST Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-10-2014 01
Ran by Cooper at 2014-10-19 10:19:17 Run:1
Running from C:\Users\Cooper\Desktop
Loaded Profile: Cooper (Available profiles: Cooper)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
cmd: tskill chrome /A
() C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r
HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\...\MountPoints2: {a7c65601-1aa6-11e4-ada8-806e6f6e6963} - explorer index.html
CHR StartMenuInternet: Google Chrome - chrome.exe
2014-10-18 16:50 - 2014-10-18 16:50 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 920153.crdownload
2014-10-18 16:49 - 2014-10-18 16:49 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 486728.crdownload
2014-10-18 16:49 - 2014-10-18 16:49 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 257049.crdownload
2014-10-18 16:48 - 2014-10-18 16:48 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 663561.crdownload
2014-10-18 16:47 - 2014-10-18 16:47 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 919286.crdownload
2014-10-18 16:46 - 2014-10-18 16:46 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 648726.crdownload
2014-10-18 15:29 - 2014-10-18 15:36 - 00347804 _____ (BetOnSoft N.V.) C:\Users\Cooper\Downloads\Unconfirmed 804211.crdownload
2014-10-18 14:58 - 2014-10-18 14:58 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 331003.crdownload
2014-10-18 14:56 - 2014-10-18 14:56 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 794099.crdownload
2014-10-18 14:55 - 2014-10-18 14:55 - 00385520 _____ () C:\Users\Cooper\Downloads\Unconfirmed 869326.crdownload
2014-10-18 00:05 - 2014-10-18 00:05 - 00780288 _____ ( ) C:\Users\Cooper\Downloads\Unconfirmed 976717.crdownload
2014-10-18 00:03 - 2014-10-18 00:03 - 00844992 _____ () C:\Users\Cooper\Downloads\Unconfirmed 741174.crdownload
2014-10-18 00:03 - 2014-10-18 00:03 - 00844992 _____ () C:\Users\Cooper\Downloads\Unconfirmed 44352.crdownload
2014-10-18 00:02 - 2014-10-18 00:02 - 00941400 _____ (Download Assistant ) C:\Users\Cooper\Downloads\Unconfirmed 194813.crdownload
2014-10-18 00:01 - 2014-10-18 00:01 - 00780288 _____ ( ) C:\Users\Cooper\Downloads\Unconfirmed 63687.crdownload
2014-10-18 00:00 - 2014-10-18 00:00 - 00844992 _____ () C:\Users\Cooper\Downloads\Unconfirmed 581806.crdownload
2014-10-17 23:26 - 2014-10-17 23:26 - 00780288 _____ ( ) C:\Users\Cooper\Downloads\Unconfirmed 889828.crdownload
2014-10-17 22:26 - 2014-10-17 22:26 - 00941416 _____ (Download Assistant ) C:\Users\Cooper\Downloads\Unconfirmed 53063.crdownload
Task: {3F476245-C116-4252-9B98-7A03F9B8FB31} - System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => %LOCALAPPDATA%\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
Task: {FBE977C8-E515-4049-B3AB-9F03CC05C7F2} - System32\Tasks\IC Running Procedure => %LOCALAPPDATA%\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe
2014-10-02 19:49 - 2014-10-02 19:49 - 00004644 _____ () C:\Windows\System32\Tasks\IC Running Procedure
EmptyTemp:
*****************

Processes closed successfully.

=========  tskill chrome /A =========

Could not find process: chrome

========= End of CMD: =========

C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r\I~..C~..Runner.exe => No running process found
C:\Users\Cooper\AppData\Local\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r => Moved successfully.
"HKU\S-1-5-21-1332800051-3721354863-2218191310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7c65601-1aa6-11e4-ada8-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{a7c65601-1aa6-11e4-ada8-806e6f6e6963}" => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
C:\Users\Cooper\Downloads\Unconfirmed 920153.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 486728.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 257049.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 663561.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 919286.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 648726.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 804211.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 331003.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 794099.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 869326.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 976717.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 741174.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 44352.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 194813.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 63687.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 581806.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 889828.crdownload => Moved successfully.
C:\Users\Cooper\Downloads\Unconfirmed 53063.crdownload => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F476245-C116-4252-9B98-7A03F9B8FB31}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F476245-C116-4252-9B98-7A03F9B8FB31}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\IC Update Procedure => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IC Update Procedure" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBE977C8-E515-4049-B3AB-9F03CC05C7F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBE977C8-E515-4049-B3AB-9F03CC05C7F2}" => Key deleted successfully.
C:\Windows\System32\Tasks\IC Running Procedure => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IC Running Procedure" => Key deleted successfully.
"C:\Windows\System32\Tasks\IC Running Procedure" => File/Directory not found.
EmptyTemp: => Removed 25.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

ADWCleaner Log:

 

# AdwCleaner v4.000 - Report created 19/10/2014 at 11:48:10
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Cooper - COOPER-PC
# Running from : C:\Users\Cooper\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2729 octets] - [02/10/2014 20:39:16]
AdwCleaner[R1].txt - [866 octets] - [18/10/2014 16:08:57]
AdwCleaner[R2].txt - [983 octets] - [19/10/2014 11:46:37]
AdwCleaner[S0].txt - [2828 octets] - [02/10/2014 20:40:21]
AdwCleaner[S1].txt - [919 octets] - [18/10/2014 16:10:35]
AdwCleaner[S2].txt - [898 octets] - [19/10/2014 11:48:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [957 octets] ##########
 


Edited by cooperjb12, 19 October 2014 - 09:54 AM.


#6
BrianDrab


Great news. My help is free...your satisfaction is my reward, but thanks for the thought. Let's do a couple final scans to ensure you are clean. Thank you.

 

Step#1 - Security Check
 
1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Step#2 - Malwarebytes Scan

 

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

 

  

 

Items for your next post

1. Security Check log

2. Malwarebytes log



#7
cooperjb12


You guys are awfully thorough in your instructions. It's impressive, honestly.

 

Security Check Log:

 

Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java version out of Date!
 Adobe Flash Player 15.0.0.152  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 

MalwareBytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/19/2014
Scan Time: 2:44:23 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.19.07
Rootkit Database: v2014.10.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cooper

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305146
Time Elapsed: 7 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, , [b5ded14591eb0e28987556c9867d8080],
PUP.Optional.IdleCrawler.A, HKU\S-1-5-21-1332800051-3721354863-2218191310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r, , [850e39dde3994fe77f8922f8788bb848],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OneSoftPerDay.A, C:\Users\Cooper\AppData\Local\ospd_us_187, , [b4dfcb4b9ce0330327f72de7f3107b85],
PUP.Optional.OneSoftPerDay.A, C:\Users\Cooper\AppData\Local\ospd_us_187\Download, , [b4dfcb4b9ce0330327f72de7f3107b85],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_187, , [3d561501ff7dec4a35eafd17ed162dd3],

Files: 11
Adware.EoRezo, C:\Program Files (x86)\ospd_us_187\unins000.exe, , [9af938ded0ac2c0a63cdd6c7eb19de22],
PUP.Riskware.Patcher, C:\Users\Cooper\Downloads\FL_Studio_11.X_Crack.rar, , [bbd80214e795e0562e0dd84927da52ae],
PUP.Riskware.Patcher, C:\Users\Cooper\Downloads\FL Studio Crack.exe, , [0f8474a2ef8d68cec9724fd27c8524dc],
PUP.Optional.OutBrowse, C:\Users\Cooper\Downloads\microsoft toolkit latest.exe, , [058eae686e0e1125def1f5b5847da25e],
PUP.Optional.OneSoftPerDay.A, C:\Users\Cooper\AppData\Local\ospd_us_187\upospd_us_187.cyl, , [b4dfcb4b9ce0330327f72de7f3107b85],
PUP.Optional.OneSoftPerDay.A, C:\Users\Cooper\AppData\Local\ospd_us_187\user_profil.cyp, , [b4dfcb4b9ce0330327f72de7f3107b85],
PUP.Optional.OneSoftPerDay.A, C:\Users\Cooper\AppData\Local\ospd_us_187\Download\majospd_gentleus.exe, , [b4dfcb4b9ce0330327f72de7f3107b85],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_187\predm.exe, , [3d561501ff7dec4a35eafd17ed162dd3],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_187\unins000.dat, , [3d561501ff7dec4a35eafd17ed162dd3],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_187\unins000.exe, , [3d561501ff7dec4a35eafd17ed162dd3],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_187\unins000.msg, , [3d561501ff7dec4a35eafd17ed162dd3],

Physical Sectors: 0
(No malicious items detected)


(end)



#8
BrianDrab


Thank you very much. I think we are done here. Following is one final fix and some general recommendations and information for you. You should update Mozilla Firefox and Java since you have older versions. Specific instructions for Java are below if you are uncertain on how to do this.

 

 

1. Final Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file (fixlist.txt) and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
2. Clean Up!

We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
Download Delfix from here.
 

  • Ensure everything is checked.
  • Click Run.

Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
3. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears.
3. Click on the Windows Update program that appears in the search results.

4. Click on Change Settings.

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.

 
4. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
Another alternative and popular software program for keeping your programs current is FileHippo Update Checker. Some people prefer this one.
 
1. Please download FileHippo update checker from here and save to your desktop.
2. Double-click the FHSetup.exe file that was downloaded and accept all the defaults to install the program.
3. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases. Once updates are found you will see information from your task bar. If you click on this informational message you will be taken to a website showing the programs that you have that are outdated and links will be provided to the updates.

 

 
5. Keeping Java Updated

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 7 Update 51.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions (http://www.java.com/...4bit.xml#verify). If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.

3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: J2SE, Java 2, Java SE or Java Runtime Environment.
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-7u51-windows-i586.exe or jre-7u51-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.

Note: Java has been notorious for installing foistware (software downloaded without the user's knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 
6. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader

If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.

If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.

NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.

NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

 
7. Antivirus - Preventative
Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is not actively monitoring your machine so it won't conflict with the Antivirus that you decide to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
8. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
 

 

OK, all the best, and stay safe!
 
Items for your next post.
1. FRST Fix Log

2. Contents of the Delfix log.



#9
cooperjb12


Thank you so much, the advice and instructions you have given here have honestly been the most professional and accommodating that I could ever have imagined. Thank you!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
Ran by Cooper at 2014-10-19 21:01:34 Run:2
Running from C:\Users\Cooper\Desktop
Loaded Profile: Cooper (Available profiles: Cooper)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\ospd_us_187
C:\Users\Cooper\Downloads\FL_Studio_11.X_Crack.rar
C:\Users\Cooper\Downloads\FL Studio Crack.exe
C:\Users\Cooper\Downloads\microsoft toolkit latest.exe
C:\Users\Cooper\AppData\Local\ospd_us_187
C:\Program Files (x86)\ospd_us_187
C:\Users\Cooper\AppData\Local\ospd_us_187
reg: reg delete "HKU\S-1-5-21-1332800051-3721354863-2218191310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r" /F
reg: reg delete "HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY" /F

*****************

C:\Program Files (x86)\ospd_us_187 => Moved successfully.
C:\Users\Cooper\Downloads\FL_Studio_11.X_Crack.rar => Moved successfully.
C:\Users\Cooper\Downloads\FL Studio Crack.exe => Moved successfully.
C:\Users\Cooper\Downloads\microsoft toolkit latest.exe => Moved successfully.
C:\Users\Cooper\AppData\Local\ospd_us_187 => Moved successfully.
"C:\Program Files (x86)\ospd_us_187" => File/Directory not found.
"C:\Users\Cooper\AppData\Local\ospd_us_187" => File/Directory not found.

========= reg delete "HKU\S-1-5-21-1332800051-3721354863-2218191310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY" /F =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====


  • 0
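An added example (not part of the original thread, and not FRST or Malwarebytes code): a Python cross-check that each Malwarebytes detection from post #7 is accounted for in the FRST Fixlog from post #9, either directly or through a parent folder that was moved. The function names and the final sample detection are constructed for illustration, and the regexes assume the log layouts exactly as posted in this thread.

```python
import re
from pathlib import PureWindowsPath

IDLE_KEY = (r"HKU\S-1-5-21-1332800051-3721354863-2218191310-1000-"
            r"{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE"
            r"\I-._d-._l-._e~ ~C_.-r_.-a_.-w_.-l_.-e_.-r")
# Lines copied from the two logs in this thread. The last MBAM_LOG line is
# constructed (it is not in the original log) to show an uncovered detection.
MBAM_LOG = r"""
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, , [b5ded14591eb0e28987556c9867d8080],
PUP.Optional.IdleCrawler.A, %s, , [850e39dde3994fe77f8922f8788bb848],
PUP.Optional.OneSoftPerDay.A, C:\Program Files (x86)\ospd_us_187\predm.exe, , [3d561501ff7dec4a35eafd17ed162dd3],
PUP.Riskware.Patcher, C:\Users\Cooper\Downloads\FL Studio Crack.exe, , [0f8474a2ef8d68cec9724fd27c8524dc],
PUP.Constructed.Example, C:\Users\Cooper\AppData\Roaming\example\left.dll, , [00000000000000000000000000000000],
""" % IDLE_KEY
FIXLOG = r"""
C:\Program Files (x86)\ospd_us_187 => Moved successfully.
C:\Users\Cooper\Downloads\FL Studio Crack.exe => Moved successfully.
"C:\Program Files (x86)\ospd_us_187" => File/Directory not found.
========= reg delete "%s" /F =========

ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
========= reg delete "HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY" /F =========

The operation completed successfully.
""" % IDLE_KEY

def parse_fixlog(text):
    """Map each fixlist target (lower-cased) to the first result FRST logged."""
    results = {}
    for m in re.finditer(r'^"?([^"\n]+?)"? => (.+)$', text, re.M):
        results.setdefault(m.group(1).lower(), m.group(2).strip())
    for m in re.finditer(r'^=+ reg delete "(.+?)" /F =+\n\s*(.+)$', text, re.M):
        results.setdefault(m.group(1).lower(), m.group(2).strip())
    return results

def classify(result):
    if result is None:
        return "unresolved"  # the detection never appeared in the fix
    if "successfully" in result:
        return "removed"
    return "absent" if re.search(r"not found|unable to find", result) else "check"

def reconcile(mbam_text, fixlog_text):
    """Return {detected path: (threat name, removed/absent/unresolved/check)}."""
    results = parse_fixlog(fixlog_text)
    report = {}
    for threat, path in re.findall(r"^([\w.]+), (.+?), , \[[0-9a-f]{32}\],$", mbam_text, re.M):
        # A file counts as handled if it, or any parent folder, was a fix target.
        candidates = [path] + [str(p) for p in PureWindowsPath(path).parents]
        hit = next((results[c.lower()] for c in candidates if c.lower() in results), None)
        report[path] = (threat, classify(hit))
    return report
```

In this sample the IdleCrawler key comes back `absent` because FRST's `reg delete` found nothing to remove, and only the constructed line is `unresolved`.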

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





