Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Several infections [Solved]


  • This topic is locked This topic is locked

#1
spidergirl79

spidergirl79

    Member

  • Member
  • PipPip
  • 22 posts

Okay so I am infected by the following known problems: Browser redirects from Youradexchange, browser widget utopit (Which has no uninstall option and only has a disable option which doesnt really work), I think I'm getting ads from a program called Cloudscout (it appears to be responsible for the Utopit widget). Also possibly identified a program called Pennywise. 

 

I tried scanning my machine with just about everything you can imagine. THE ONLY program that found ANY of that stuff I know I have is Spyhunter but I've read some bad things about it (like getting charged twice when it seems you're only paying 39$) so I uninstalled it. Actually it didn't let me uninstall it, I had to use REVO Uninstaller to get rid of it and when THAT killed my WIFI network connection I just did a system restore. *facepalm* Malwarebytes was always my best bet against malware but it only seems able to find 'two utop.it' files in the Appdata/Google/local. It removes it but shortly thereafter they resurrect themselves. 

 

I'm suspicious that my infection is affecting my administration rights.

 

Problems started about the time I used HOLA (Allows you to unlock sites across the web that are blocked based on your country, eg. Canada) and unfortunately I downloaded something via utorrent. I have since deleted that stuff and uninstalled HOLA (Its a browser add on) and utorrent. I attempted to download a free trial version of a program via utorrent. I guess it was a fake. I dont think I have any cracks or stuff on my computer. I will literally never attempt something like that again.  :no:

 

THE ONLY THING that seems to keep the utop.it widget from triggering (it starts up when you left click to highlight text) is Avira and or Avast's browser add ons but the redirecting from Youradexchange still wants to work. 

I have scanned my laptop with the following and am STILL hopelessly infected: AVG, Avast, Highjackthis, Malwarebytes, Spybot Search and Destroy, CCleaner, Hitman Pro, ADWCleaner, Junkware removal tool. 

 

OTL logfile created on: 12/2/2014 8:19:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Margaret JOH\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.79 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 40.03% Memory free
9.48 Gb Paging File | 6.67 Gb Available in Paging File | 70.30% Paging File free
Paging file location(s): c:\pagefile.sys 5826 5826 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 6.77 Gb Free Space | 5.82% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 157.87 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MARGARETJOH-PC | User Name: Margaret JOH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/02 20:18:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret JOH\Downloads\OTL (1).exe
PRC - [2014/12/02 20:03:52 | 005,225,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/12/02 20:03:52 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/24 22:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/12 13:25:14 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/14 20:24:26 | 000,242,688 | ---- | M] (wifimouse.necta.us) -- C:\Program Files (x86)\MouseServer\MouseServer.exe
PRC - [2014/08/05 10:27:22 | 002,014,720 | ---- | M] (AimerSoft) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2014/01/09 21:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/08 20:50:12 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/09/30 15:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/08/16 22:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/16 22:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/07/09 22:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010/05/03 14:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 14:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/12 12:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/08/02 16:54:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/02 20:03:53 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/24 22:39:25 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
MOD - [2014/11/24 22:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/24 22:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/24 22:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/24 22:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/10/11 12:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/08/05 10:22:56 | 001,489,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
MOD - [2014/05/19 17:19:02 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
MOD - [2014/02/12 03:37:21 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 03:32:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:31:38 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/12 03:31:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:31:20 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 03:31:17 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/12 03:31:08 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 03:31:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 03:31:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 03:30:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 03:30:50 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/09 21:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/09 21:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/09/30 15:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/09/30 15:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/09/30 15:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/09/30 15:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/07/01 11:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2009/11/02 14:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 14:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/02 20:03:52 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 00:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/22 11:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/02 16:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2014/11/26 07:59:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/24 00:22:21 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/05/04 15:37:30 | 002,152,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/03 06:15:21 | 000,269,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 00:51:41 | 000,136,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/20 18:47:58 | 000,077,312 | ---- | M] () [Auto | Stopped] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010/08/16 22:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/16 22:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2002/03/19 07:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\SysWOW64\Tablet.exe -- (TabletService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/02 20:04:23 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/02 20:03:54 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/12/02 20:03:54 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/02 20:03:54 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/12/02 20:03:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/02 20:03:54 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/02 20:03:54 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/02 20:03:54 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/25 10:46:36 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio.sys -- (WsAudio_Device)
DRV:64bit: - [2013/02/19 12:44:10 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/03 06:15:21 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/03 06:15:21 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/24 19:24:26 | 000,229,376 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2010/09/24 19:24:26 | 000,069,120 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2010/09/08 18:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/08/16 05:49:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/06/20 23:07:37 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/02 19:46:03 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/04 01:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/03 03:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/02 00:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/26 13:02:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/19 18:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/07/20 01:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 20:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/30 20:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 20:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 20:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 12:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/06 23:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2001/04/09 05:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\penclass.sys -- (PenClass)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Margaret JOH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Margaret JOH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Margaret JOH\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{121C6AF3-6778-4360-AFDB-57BD4E3E4343}: C:\PROGRAM FILES\PLAYZY\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{121C6AF3-6778-4360-AFDB-57BD4E3E4343}: C:\Program Files\Playzy\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/02 20:03:56 | 000,000,000 | ---D | M]
 
[2014/12/01 04:38:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\Extensions
[2014/12/02 17:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/06/02 19:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013/12/08 18:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins
[2014/12/01 05:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\Firefox\Profiles\kmdw0ex5.default\extensions
[2014/12/02 17:12:31 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\Firefox\Profiles\kmdw0ex5.default\extensions\[email protected]
[2013/04/17 05:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2014/12/01 04:42:04 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Margaret JOH\AppData\Roaming\mozilla\firefox\profiles\kmdw0ex5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/24 00:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/01 22:34:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/30 12:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/12/01 04:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/01 04:37:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/06 23:11:47 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.2_0\
CHR - Extension: No name found = C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_1\
CHR - Extension: No name found = C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\11.2_0\
CHR - Extension: No name found = C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/12/02 19:38:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe ()
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [MouseServer] C:\Program Files (x86)\MouseServer\MouseServer.exe (wifimouse.necta.us)
O4 - Startup: C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: NameServer = 31.168.224.106,5.135.12.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: NameServer = 31.168.224.106,5.135.12.52
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/15 23:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011/09/15 20:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/02 20:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/12/02 20:04:00 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/12/02 20:04:00 | 000,116,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/12/02 20:03:59 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/12/02 20:03:58 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1417579462017
[2014/12/02 20:03:58 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/12/02 20:03:58 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/12/02 20:03:56 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/02 20:03:54 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/02 19:41:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/12/02 19:40:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/12/02 19:29:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/12/02 19:29:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/12/02 19:29:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/12/02 19:28:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/12/02 19:27:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/12/02 18:56:19 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Roaming\AVG2015
[2014/12/02 18:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/12/02 18:44:09 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Local\Avg2015
[2014/12/02 18:27:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/02 17:18:20 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Local\Aimersoft
[2014/12/02 16:33:23 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Local\VS Revo Group
[2014/12/02 16:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/12/02 16:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/12/01 18:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/12/01 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2014/12/01 16:02:08 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Roaming\AVAST Software
[2014/12/01 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/12/01 15:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/12/01 12:26:29 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Roaming\LavasoftStatistics
[2014/12/01 06:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/12/01 04:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/12/01 03:04:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/30 18:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/30 18:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/28 17:03:21 | 000,000,000 | ---D | C] -- C:\aws
[2014/11/28 17:03:10 | 000,000,000 | ---D | C] -- C:\Asus WebStorage
[2014/11/28 11:38:09 | 000,000,000 | ---D | C] -- C:\WebStorage
[2014/11/28 11:38:09 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Roaming\WebStorage
[2014/11/28 11:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WebStorage
[2014/11/28 11:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS WebStorage
[2014/11/28 11:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AWS
[2014/11/28 11:32:03 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Roaming\temp
[2014/11/24 00:00:22 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Local\Origin
[2014/11/23 23:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2014/11/23 23:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2014/11/23 23:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mr DJ
[2014/11/23 22:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2014/11/23 00:54:02 | 000,000,000 | -H-D | C] -- C:\Users\Margaret JOH\AppData\Roaming\GoldenGate
[2014/11/23 00:52:27 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\AppData\Roaming\GameOff
[2014/11/23 00:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\cPfTJEb
[2014/11/23 00:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\9E72B442-9400-4E1B-BF02-37F42BF96F36
[2014/11/23 00:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\010
[2014/11/23 00:49:02 | 000,000,000 | ---D | C] -- C:\Users\Margaret JOH\Sims 4
[2014/11/22 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/15 23:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/15 23:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/15 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/15 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/11/15 23:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/11/15 20:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2014/11/15 20:43:27 | 000,031,080 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\VirtualAudio.sys
[2014/11/15 20:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft
[2014/11/15 20:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2014/11/15 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Aimersoft
[2014/11/09 21:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverToolkit
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/02 20:04:26 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/02 20:04:23 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/12/02 20:03:54 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/12/02 20:03:54 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/02 20:03:54 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/12/02 20:03:54 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/12/02 20:03:54 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/12/02 20:03:54 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/12/02 20:03:54 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/12/02 20:03:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/02 20:03:54 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/12/02 20:03:48 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1417579462017
[2014/12/02 19:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/02 19:38:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/12/02 19:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/02 19:28:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
[2014/12/02 19:24:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/02 19:24:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/02 19:16:16 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2014/12/02 19:16:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/02 19:15:52 | 000,000,318 | ---- | M] () -- C:\Windows\SysWow64\wacom.dat
[2014/12/02 19:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/02 19:15:37 | 3054,878,720 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/02 17:21:58 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/02 17:21:58 | 000,667,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/02 17:21:58 | 000,126,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/01 20:52:19 | 000,000,935 | ---- | M] () -- C:\Users\Margaret JOH\AppData\Roaming\COFA
[2014/11/30 18:16:51 | 000,099,564 | ---- | M] () -- C:\Users\Margaret JOH\Documents\cc_20141130_181617.reg
[2014/11/30 18:06:03 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/30 17:50:26 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/30 16:28:00 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
[2014/11/28 11:37:58 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\WebStorage.lnk
[2014/11/26 14:27:41 | 000,002,245 | ---- | M] () -- C:\Users\Margaret JOH\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/25 22:36:14 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/25 02:21:59 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/11/24 21:36:39 | 000,165,189 | ---- | M] () -- C:\Users\Margaret JOH\Downloads\Desktop\pvz.jpg
[2014/11/24 00:06:55 | 000,068,032 | ---- | M] () -- C:\Users\Margaret JOH\Downloads\Desktop\10730897_10154900736510195_5457067378219247040_n.jpg
[2014/11/23 23:40:48 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2014/11/23 01:27:07 | 000,002,784 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/11/23 01:26:57 | 000,001,565 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/11/23 00:50:48 | 000,000,045 | ---- | M] () -- C:\user.js
[2014/11/22 17:35:34 | 000,068,748 | ---- | M] () -- C:\Users\Margaret JOH\Downloads\Desktop\10383629_1514249702195267_3692663822946054611_n.jpg
[2014/11/17 14:17:06 | 000,058,698 | ---- | M] () -- C:\Users\Margaret JOH\Downloads\Desktop\10339760_10154882225775195_1159301103664406963_n.jpg
[2014/11/15 23:02:51 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/09 22:01:13 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/09 21:50:55 | 000,011,942 | ---- | M] () -- C:\Users\Margaret JOH\Documents\cc_20141109_215028.reg
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/02 20:04:26 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/02 20:04:00 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/12/02 20:04:00 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/12/02 20:03:58 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/12/02 19:29:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/12/02 19:29:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/12/02 19:29:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/12/02 19:29:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/12/02 19:29:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/11/30 18:16:23 | 000,099,564 | ---- | C] () -- C:\Users\Margaret JOH\Documents\cc_20141130_181617.reg
[2014/11/30 18:06:03 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/28 11:37:58 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\WebStorage.lnk
[2014/11/25 02:21:59 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/11/24 21:36:37 | 000,165,189 | ---- | C] () -- C:\Users\Margaret JOH\Downloads\Desktop\pvz.jpg
[2014/11/24 00:06:53 | 000,068,032 | ---- | C] () -- C:\Users\Margaret JOH\Downloads\Desktop\10730897_10154900736510195_5457067378219247040_n.jpg
[2014/11/23 23:40:48 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2014/11/23 00:53:04 | 000,000,178 | ---- | C] () -- C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[2014/11/23 00:53:03 | 000,001,816 | ---- | C] () -- C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
[2014/11/23 00:50:48 | 000,000,045 | ---- | C] () -- C:\user.js
[2014/11/22 17:35:34 | 000,068,748 | ---- | C] () -- C:\Users\Margaret JOH\Downloads\Desktop\10383629_1514249702195267_3692663822946054611_n.jpg
[2014/11/17 14:17:06 | 000,058,698 | ---- | C] () -- C:\Users\Margaret JOH\Downloads\Desktop\10339760_10154882225775195_1159301103664406963_n.jpg
[2014/11/15 23:02:51 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/15 20:43:29 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\AiCM64.dll
[2014/11/09 21:50:31 | 000,011,942 | ---- | C] () -- C:\Users\Margaret JOH\Documents\cc_20141109_215028.reg
[2014/09/01 00:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Margaret JOH\AppData\Roaming\YXCR
[2014/09/01 00:18:44 | 000,000,935 | ---- | C] () -- C:\Users\Margaret JOH\AppData\Roaming\COFA
[2013/10/04 22:01:09 | 000,160,437 | ---- | C] () -- C:\Windows\Sqirlz Morph Uninstaller.exe.bak
[2013/02/19 12:44:22 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2013/02/19 12:44:12 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2013/02/19 12:44:04 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2013/02/19 12:43:58 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/04/25 17:09:30 | 000,000,132 | ---- | C] () -- C:\Users\Margaret JOH\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/11 13:24:12 | 000,006,144 | ---- | C] () -- C:\Users\Margaret JOH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/12 17:27:14 | 000,000,632 | RHS- | C] () -- C:\Users\Margaret JOH\ntuser.pol
[2010/11/08 20:27:49 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/09/16 23:17:59 | 000,000,600 | ---- | C] () -- C:\Users\Margaret JOH\PUTTY.RND
[2010/04/26 20:36:35 | 000,000,788 | ---- | C] () -- C:\Users\Margaret JOH\.recently-used.xbel
[2007/04/04 22:40:00 | 000,000,023 | ---- | C] () -- C:\Users\Margaret JOH\presets.ini
[2006/11/30 01:39:03 | 000,000,093 | ---- | C] () -- C:\Users\Margaret JOH\default.pls
[2006/09/01 13:21:44 | 000,000,000 | ---- | C] () -- C:\Users\Margaret JOH\ping
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 18:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 18:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/28 11:33:25 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\Asus WebStorage
[2013/08/05 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\Audacity
[2014/12/01 16:02:08 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\AVAST Software
[2014/12/02 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\AVG2015
[2012/09/24 01:28:54 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\DVDVideoSoft
[2011/03/14 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\EeeStorageUploader
[2014/11/23 00:52:27 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\GameOff
[2014/11/23 00:54:05 | 000,000,000 | -H-D | M] -- C:\Users\Margaret JOH\AppData\Roaming\GoldenGate
[2014/05/19 13:47:39 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\IObit
[2011/07/18 20:09:39 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\OpenOffice.org
[2014/08/06 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\Oracle
[2014/11/24 00:23:39 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\Origin
[2014/12/02 17:13:06 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\ProductData
[2012/09/26 03:56:09 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\SoftGrid Client
[2012/12/08 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\SpinTop Games
[2014/04/23 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\SystemRequirementsLab
[2014/11/28 11:33:38 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\temp
[2012/08/04 22:53:44 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\TP
[2012/12/13 11:45:09 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\TuneUp Software
[2014/12/02 19:49:31 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\uTorrent
[2011/07/18 20:24:44 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\Watchtower
[2014/12/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\WebStorage
[2012/06/15 23:05:06 | 000,000,000 | ---D | M] -- C:\Users\Margaret JOH\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
 
< End of report >
 
 
I noticed that utorrent is still listed on roaming even though I've uninstalled it???? So is AVG, I've uninstalled that, my current anti-virus is Avast. 
 
ETA: Forgot to mention Malwarebytes DID find and destroy a Trogan recently, but it failed to find anything else that I've described.

Edited by spidergirl79, 02 December 2014 - 10:46 PM.

  • 1

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello spidergirl79,

 

Welcome to Geekstogo.

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.


  • 0

#3
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Thank you for your reply and help. Here are the log files as requested. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Margaret JOH (administrator) on MARGARETJOH-PC on 03-12-2014 21:15:50
Running from C:\Users\Margaret JOH\Downloads\Desktop
Loaded Profile: Margaret JOH (Available profiles: UpdatusUser & Margaret JOH & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Windows\SysWOW64\Tablet.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(wifimouse.necta.us) C:\Program Files (x86)\MouseServer\MouseServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\ExpressGateUtil\VAWinAgent.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe
(ASUS) C:\Windows\AsScrPro.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-08] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-01-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe [5244712 2014-11-06] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [242688 2014-10-14] (wifimouse.necta.us)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-1869828728-3093472841-3018778326-1000\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1869828728-3093472841-3018778326-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab
DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: linkscanner - No CLSID Value
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: [NameServer] 31.168.224.106,5.135.12.52
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margaret JOH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: facebook.com/fbDesktopPlugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-30]
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-02]
CHR Extension: (Avast Online Security) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [colpjdoahbljmegmngnppjhcmalaldnl] - C:\Users\MARGAR~1\AppData\Local\Temp\colpjdoahbljmegmngnppjhcmalaldnl.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] () [File not signed]
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-03] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-05] () [File not signed]
R2 TabletService; C:\Windows\SysWOW64\Tablet.exe [548864 2002-03-19] (Wacom Technology, Corp.) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-03] (Avira GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 PenClass; C:\Windows\SysWOW64\Drivers\PenClass.sys [8138 2001-04-09] (Wacom Technology Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 21:15 - 2014-12-03 21:15 - 00000000 ____D () C:\FRST
2014-12-02 22:57 - 2014-12-02 22:57 - 02347384 _____ (ESET) C:\Users\Margaret JOH\Downloads\esetsmartinstaller_enu.exe
2014-12-02 22:57 - 2014-12-02 22:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 20:28 - 2014-12-02 20:28 - 00063266 _____ () C:\Users\Margaret JOH\Downloads\Extras.Txt
2014-12-02 20:27 - 2014-12-02 20:27 - 00123450 _____ () C:\Users\Margaret JOH\Downloads\OTL.Txt
2014-12-02 20:18 - 2014-12-02 20:18 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL (1).exe
2014-12-02 20:10 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-02 20:05 - 2014-12-02 20:05 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL.exe
2014-12-02 20:04 - 2014-12-03 21:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-02 20:04 - 2014-12-02 20:04 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-02 20:04 - 2014-12-02 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-02 20:04 - 2014-12-02 20:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-02 20:03 - 2014-12-02 20:04 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-02 20:03 - 2014-12-02 20:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-02 20:03 - 2014-12-02 20:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-02 19:59 - 2014-12-02 20:00 - 05006864 _____ (AVAST Software) C:\Users\Margaret JOH\Downloads\avast_free_antivirus_setup_online.exe
2014-12-02 19:40 - 2014-12-02 19:40 - 00022917 _____ () C:\ComboFix.txt
2014-12-02 19:29 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-02 19:29 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-02 19:29 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-02 19:28 - 2014-12-02 19:40 - 00000000 ____D () C:\Qoobox
2014-12-02 19:27 - 2014-12-02 19:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-02 19:26 - 2014-12-02 19:26 - 05600127 ____R (Swearware) C:\Users\Margaret JOH\Downloads\ComboFix.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill64.exe
2014-12-02 18:56 - 2014-12-02 18:56 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVG2015
2014-12-02 18:48 - 2014-12-03 10:01 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-02 18:44 - 2014-12-02 19:03 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Avg2015
2014-12-02 18:27 - 2014-12-02 18:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 18:26 - 2014-12-02 18:27 - 01707646 _____ (Thisisu) C:\Users\Margaret JOH\Downloads\JRT.exe
2014-12-02 17:45 - 2014-12-03 10:01 - 00010222 _____ () C:\Windows\PFRO.log
2014-12-02 17:32 - 2014-12-02 17:32 - 02154496 _____ () C:\Users\Margaret JOH\Downloads\adwcleaner_4.103.exe
2014-12-02 17:18 - 2014-12-02 17:18 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Aimersoft
2014-12-02 17:14 - 2014-12-03 10:02 - 00000336 _____ () C:\Windows\setupact.log
2014-12-02 17:14 - 2014-12-02 17:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-02 16:33 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VS Revo Group
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-01 18:22 - 2014-12-02 16:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-01 18:22 - 2014-12-01 18:22 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-01 16:02 - 2014-12-01 16:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVAST Software
2014-12-01 15:58 - 2014-12-01 15:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-01 15:57 - 2014-12-01 15:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-01 13:19 - 2014-12-01 13:20 - 00014021 _____ () C:\Users\Margaret JOH\Downloads\hijackthis.log
2014-12-01 12:26 - 2014-12-01 12:26 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\LavasoftStatistics
2014-12-01 06:06 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 04:16 - 2014-12-01 04:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-01 03:04 - 2014-12-02 19:14 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:16 - 2014-11-30 18:16 - 00099564 _____ () C:\Users\Margaret JOH\Documents\cc_20141130_181617.reg
2014-11-30 18:06 - 2014-11-30 18:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500.exe
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500 (1).exe
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 __SHD () C:\aws
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 ____D () C:\Asus WebStorage
2014-11-28 11:38 - 2014-12-03 21:13 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\WebStorage
2014-11-28 11:38 - 2014-11-28 11:38 - 00000000 ____D () C:\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00001248 _____ () C:\Users\Public\Desktop\WebStorage.lnk
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\ASUS WebStorage
2014-11-28 11:36 - 2014-11-28 11:36 - 12756088 _____ (ASUS Cloud Corporation) C:\Users\Margaret JOH\Downloads\ASUSWebStorageSyncAgent2.1.15.438.exe
2014-11-28 11:32 - 2014-11-28 11:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\temp
2014-11-25 21:15 - 2014-11-25 21:15 - 00377743 _____ () C:\Users\Margaret JOH\Downloads\MTS_SnowWhiteCharming_1019799_AudreyHepburn.zip
2014-11-25 02:21 - 2014-11-25 02:21 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-11-25 02:15 - 2014-11-25 02:15 - 00000000 _____ () C:\Windows\SysWOW64\shoF4B7.tmp
2014-11-24 00:00 - 2014-11-24 00:23 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Origin
2014-11-23 23:40 - 2014-11-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-23 23:40 - 2014-11-23 23:40 - 00000945 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-11-23 23:40 - 2014-11-23 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-23 23:03 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-11-23 23:02 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-11-23 23:02 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-11-23 23:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-11-23 23:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-11-23 23:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-11-23 23:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-11-23 23:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-11-23 23:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-11-23 23:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-11-23 23:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-11-23 23:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-11-23 23:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-11-23 23:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-11-23 23:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-11-23 22:46 - 2014-11-23 23:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-23 01:23 - 2014-11-23 01:23 - 00003140 _____ () C:\Windows\System32\Tasks\{7FDCD1BE-69AF-4100-9284-739FDC989639}
2014-11-23 00:54 - 2014-11-23 00:54 - 00000000 ___HD () C:\Users\Margaret JOH\AppData\Roaming\GoldenGate
2014-11-23 00:53 - 2014-11-23 00:53 - 00001816 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-11-23 00:53 - 2014-11-23 00:53 - 00000178 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-11-23 00:52 - 2014-11-23 00:52 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\GameOff
2014-11-23 00:51 - 2014-11-23 00:51 - 00000000 ____D () C:\ProgramData\cPfTJEb
2014-11-23 00:50 - 2014-11-25 02:15 - 00000000 ____D () C:\Program Files\010
2014-11-23 00:50 - 2014-11-23 00:58 - 00000000 ____D () C:\Program Files\9E72B442-9400-4E1B-BF02-37F42BF96F36
2014-11-23 00:50 - 2014-11-23 00:50 - 00000045 _____ () C:\user.js
2014-11-23 00:49 - 2014-11-23 00:49 - 00000000 ____D () C:\Users\Margaret JOH\Sims 4
2014-11-23 00:46 - 2014-11-23 00:46 - 00468541 _____ () C:\Users\Margaret JOH\Downloads\The-Sims-4.rar
2014-11-23 00:35 - 2014-11-23 00:35 - 00003486 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-11-23 00:35 - 2014-11-23 00:35 - 00003220 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2014-11-22 17:48 - 2014-12-02 17:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-15 23:02 - 2014-11-15 23:02 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-15 23:02 - 2014-11-15 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-15 23:02 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-11-15 23:01 - 2014-12-02 17:11 - 00000000 ____D () C:\Program Files\iPod
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-15 20:43 - 2014-12-02 17:12 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-11-15 20:43 - 2014-11-30 17:56 - 00000000 ____D () C:\ProgramData\Aimersoft
2014-11-15 20:43 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2014-11-15 20:43 - 2013-03-25 10:46 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2014-11-15 20:42 - 2014-12-02 17:13 - 00000000 ____D () C:\Users\Public\Documents\Aimersoft
2014-11-09 21:50 - 2014-11-09 21:50 - 00011942 _____ () C:\Users\Margaret JOH\Documents\cc_20141109_215028.reg
2014-11-09 21:29 - 2014-11-09 21:29 - 00079200 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2014-11-09 21:29 - 2014-11-09 21:29 - 00062845 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_x86_neutral_db87d184bc84f910.zip
2014-11-09 21:26 - 2014-11-30 17:56 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 21:13 - 2011-05-02 18:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 21:12 - 2011-05-02 18:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 21:12 - 2010-11-08 20:49 - 00001582 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-03 21:12 - 2010-11-08 19:56 - 01796222 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 21:11 - 2012-12-11 13:41 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
2014-12-03 21:11 - 2012-12-11 13:41 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
2014-12-03 21:11 - 2012-08-05 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 21:11 - 2010-11-08 20:49 - 00000000 ____D () C:\Program Files\P4G
2014-12-03 10:10 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 10:10 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 10:06 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 10:02 - 2012-01-24 22:02 - 00000318 _____ () C:\Windows\SysWOW64\wacom.dat
2014-12-03 10:02 - 2010-11-08 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-03 10:02 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 10:01 - 2012-02-25 00:17 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-03 10:01 - 2012-02-25 00:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-02 22:49 - 2014-05-16 18:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 19:54 - 2012-05-14 17:11 - 00000000 ____D () C:\$AVG
2014-12-02 19:49 - 2011-03-31 14:08 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\uTorrent
2014-12-02 19:40 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default
2014-12-02 19:39 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-02 19:38 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH
2014-12-02 19:16 - 2011-03-12 16:11 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-12-02 17:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 17:13 - 2014-08-06 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-02 17:13 - 2014-05-19 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-02 17:13 - 2014-05-19 13:48 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\ProductData
2014-12-02 17:13 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP
2014-12-02 17:13 - 2013-03-08 19:31 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2014-12-02 17:13 - 2013-02-14 11:33 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-12-02 17:13 - 2012-08-22 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-02 17:13 - 2012-04-10 12:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Facebook
2014-12-02 17:13 - 2011-03-19 18:59 - 00000000 ____D () C:\Users\Guest
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-02 17:13 - 2010-11-08 20:51 - 00000000 ____D () C:\ExpressGateUtil
2014-12-02 17:13 - 2010-11-08 20:49 - 00000000 ____D () C:\ProgramData\P4G
2014-12-02 17:13 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\ShellNew
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-12-02 17:12 - 2013-02-14 11:33 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-12-02 17:12 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VirtualStore
2014-12-02 17:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-12-02 17:11 - 2014-05-19 13:46 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-02 17:11 - 2012-09-23 21:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-02 17:11 - 2012-07-01 22:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-02 17:11 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Mozilla
2014-12-02 17:11 - 2011-03-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-02 17:11 - 2010-11-08 20:48 - 00000000 ____D () C:\Program Files\Intel
2014-12-02 17:11 - 2010-11-08 20:47 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:35 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-02 17:11 - 2010-11-08 20:28 - 00000000 ____D () C:\Program Files (x86)\syncables
2014-12-02 17:11 - 2010-11-08 20:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-02 17:11 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-02 17:10 - 2014-08-12 12:59 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-02 17:10 - 2011-03-12 20:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-02 17:10 - 2010-11-08 20:25 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-12-02 17:10 - 2010-11-08 20:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-02 17:10 - 2010-11-08 20:05 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 16:22 - 2013-02-14 11:33 - 00000000 ____D () C:\BigFishGamesCache
2014-12-01 20:52 - 2014-09-01 00:18 - 00000935 _____ () C:\Users\Margaret JOH\AppData\Roaming\COFA
2014-12-01 04:38 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Mozilla
2014-12-01 02:21 - 2013-11-07 14:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-28 11:37 - 2010-11-08 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-28 11:33 - 2011-03-12 16:17 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Asus WebStorage
2014-11-28 10:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-26 07:59 - 2012-08-05 22:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 07:59 - 2012-03-30 22:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 07:59 - 2011-05-15 23:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 03:38 - 2009-07-13 21:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 22:36 - 2014-05-19 15:26 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 02:21 - 2011-03-12 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-25 02:20 - 2011-03-12 20:58 - 00000000 ____D () C:\ProgramData\Avira
2014-11-24 22:14 - 2009-07-28 21:20 - 00000000 ____D () C:\Windows\ABLKSR
2014-11-24 20:27 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Origin
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-11-24 00:32 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-24 00:23 - 2011-10-25 00:42 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Origin
2014-11-23 01:58 - 2011-03-12 16:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-23 01:27 - 2010-11-08 20:49 - 00002784 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-11-22 22:53 - 2014-05-19 13:47 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-22 17:49 - 2014-04-22 03:23 - 00000000 ____D () C:\Users\Margaret JOH\Documents\Electronic Arts
2014-11-15 23:01 - 2011-03-12 21:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-15 20:01 - 2007-11-19 23:41 - 00000000 ____D () C:\Users\Margaret JOH\Shared
2014-11-12 13:25 - 2011-05-02 18:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 13:25 - 2011-05-02 18:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-09 22:01 - 2014-08-28 02:08 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 21:49 - 2011-06-07 02:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-09 19:27 - 2014-08-12 13:00 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\DivX
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 03:16
 
==================== End Of Log ============================
 
 
Second: 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Margaret JOH at 2014-12-03 21:16:51
Running from C:\Users\Margaret JOH\Downloads\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.40 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0002 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.0.1606_25588 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3009.50 - CyberLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.76.380 - Asus)
ExpressGate Cloud (x32 Version: 2.1.76.380 - Asus) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
Fresco Logic USB3.0 Host Controller (HKLM\...\{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}) (Version: 3.0.105.11 - Fresco Logic Inc.)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MouseServer version 1.5.1.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.1.0 - Necta Co.)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5942 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5942 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version:  - )
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
ShowPass Smartbar Engine (HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\{f656ef39-7698-4306-9aaa-e875e79c47c7}) (Version: 11.118.76.20514 - ReSoft Ltd.) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SuperFast PC (HKLM\...\SuperFast PC) (Version: 1.0 - 383 Media, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
TSR RigFix (HKLM-x32\...\{1F2A56A0-AF80-4423-8C73-ADBFAB40E629}) (Version: 1.0.10 - The Sims Resource)
Unity Web Player (HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.54000.206 - Sonix)
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\Vacation Quest - The Hawaiian Islands) (Version:  - PopCap Games)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Watchtower Library 2010 - English (HKLM-x32\...\{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}) (Version: 12.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2011 - English (HKLM-x32\...\{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2012 - English (HKLM-x32\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.438 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\F9FD5BBF579A4BFD40D38BE291F731666B27DC28) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500) (HKLM\...\0E74EB10C05C955C24243E6D3120CDC972FC5B1D) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
01-12-2014 10:16:59 Installed Java 7 Update 71
01-12-2014 12:26:28 Checkpoint by HitmanPro
01-12-2014 12:27:17 Checkpoint by HitmanPro
01-12-2014 20:21:49 AA11
01-12-2014 21:07:33 AA11
01-12-2014 23:54:46 Removed AVG 2014
01-12-2014 23:56:32 Removed AVG 2014
01-12-2014 23:57:57 avast! antivirus system restore point
02-12-2014 00:12:06 Windows Update
03-12-2014 00:35:16 Revo Uninstaller Pro's restore point - Spy
03-12-2014 00:40:42 Revo Uninstaller Pro's restore point - Spyhunter
03-12-2014 00:43:38 Revo Uninstaller Pro's restore point - SpyHunter
03-12-2014 00:46:31 Revo Uninstaller Pro's restore point - SpyHunter 4
03-12-2014 01:07:20 Restore Operation
03-12-2014 02:46:29 Installed AVG 2015
03-12-2014 02:47:11 Installed AVG 2015
03-12-2014 03:53:07 Removed AVG 2015
03-12-2014 03:54:22 Removed AVG 2015
03-12-2014 04:00:40 avast! antivirus system restore point
03-12-2014 04:09:46 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-12-02 19:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09A6BCB6-24C6-4EEE-998E-804D6E37B4C8} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {0D5726FE-299F-47CD-B334-B0323E0D4E32} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)
Task: {17B0B561-4E3C-46BB-8E36-40DA44C6C4E1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1FC81E7B-1646-4E11-8E4D-B74996AC6E78} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1869828728-3093472841-3018778326-1001
Task: {2D45914A-901A-44E2-BFD2-375FD92D1897} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {4B8198BD-3921-4112-9C5E-42D4BA37BEA2} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {516D2820-2C3C-4067-BB03-0CA406156E95} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
Task: {5E2667BE-11C3-414E-99C8-2F19A3159682} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {65CC26FF-1C37-4A1A-B77E-8DC571545E1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {740DE223-032E-4A53-8E96-E161ECBD13A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {75C90C3C-4881-4A3F-8F40-800D92C82082} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {802FBF7D-BB00-48BD-BDAA-666BC7E18B0C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {888B847B-5CB0-48D4-B5EB-1ECE7D38712C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {9208772E-865F-42C8-853E-D150C52EA0F8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AA7B37A4-9CF5-4854-B94F-F1513A52C5B9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {CD51FAF4-1331-4357-8610-BEBBEAEEEE31} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D2C46CFD-F937-43CC-9E74-4EA911C2D4DB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D457EC3A-7D4E-45FE-AC8D-9B1845130D47} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EF21E1CD-0721-405B-B898-60C54144BEB5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-08-11] (ASUS)
Task: {FA5AD4E3-AAF2-431F-B75C-1E01F8379D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {FF86CD20-1558-403A-8738-D42FAFDC9E1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-08-20 18:47 - 2010-08-20 18:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-11-08 20:49 - 2007-11-30 11:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-04-02 18:21 - 2008-09-30 22:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-11-04 21:38 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-08 02:32 - 2012-09-08 02:32 - 00943504 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-11-15 20:43 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2013-02-19 12:43 - 2013-02-19 12:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-08-02 16:54 - 2009-08-02 16:54 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-08-12 17:52 - 2010-08-12 17:52 - 00021504 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2010-09-23 15:53 - 2010-09-23 15:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-01-09 21:26 - 2014-01-09 21:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-11-08 20:06 - 2010-04-05 22:29 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-11-06 21:10 - 2014-11-06 21:10 - 01333544 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
2014-12-02 20:04 - 2014-12-02 20:04 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120201\algo.dll
2014-12-03 10:03 - 2014-12-03 10:03 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120300\algo.dll
2014-12-03 14:24 - 2014-12-03 14:24 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120301\algo.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-12 17:52 - 2010-08-12 17:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-12 17:52 - 2010-08-12 17:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-01-09 21:28 - 2014-01-09 21:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-11-15 20:43 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2014-11-15 20:43 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2014-12-02 20:03 - 2014-12-02 20:03 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-02 14:20 - 2009-11-02 14:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 14:23 - 2009-11-02 14:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-07-01 11:21 - 2010-07-01 11:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-11-25 22:35 - 2014-11-24 22:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 22:35 - 2014-11-24 22:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 22:35 - 2014-11-24 22:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 22:35 - 2014-11-24 22:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1869828728-3093472841-3018778326-500 - Administrator - Disabled)
Guest (S-1-5-21-1869828728-3093472841-3018778326-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1869828728-3093472841-3018778326-1003 - Limited - Enabled)
Margaret JOH (S-1-5-21-1869828728-3093472841-3018778326-1001 - Administrator - Enabled) => C:\Users\Margaret JOH
UpdatusUser (S-1-5-21-1869828728-3093472841-3018778326-1000 - Limited - Enabled) => C:\Users\TEMP
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/03/2014 10:04:56 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 
 
 DETAIL - Access is denied.
 
Error: (12/03/2014 01:34:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/03/2014 01:34:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/03/2014 01:34:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/03/2014 01:34:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/03/2014 01:32:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/03/2014 01:31:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (12/02/2014 11:49:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/02/2014 08:09:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1869828728-3093472841-3018778326-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e5dac468-7137-44cf-ad9a-245ea5b07b32}
 
Error: (12/02/2014 08:00:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1869828728-3093472841-3018778326-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bc769e65-bd1c-4613-b88f-20d9d0e6eb86}
 
 
System errors:
=============
Error: (12/03/2014 10:04:56 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%5
 
Error: (12/03/2014 10:02:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PenClass
 
Error: (12/03/2014 10:02:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error: 
%%5
 
Error: (12/03/2014 10:02:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Scheduler service failed to start due to the following error: 
%%5
 
Error: (12/02/2014 10:58:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (12/02/2014 08:10:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.189.1135.0).
 
Error: (12/02/2014 07:39:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/02/2014 07:38:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/02/2014 07:35:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/02/2014 07:31:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VideAceWindowsService service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (12/03/2014 10:04:56 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Access is denied.
 
Error: (12/03/2014 01:34:58 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\margaret joh\downloads\esetsmartinstaller_enu.exe
 
Error: (12/03/2014 01:34:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\margaret joh\downloads\esetsmartinstaller_enu.exe
 
Error: (12/03/2014 01:34:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\margaret joh\downloads\esetsmartinstaller_enu.exe
 
Error: (12/03/2014 01:34:21 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\margaret joh\downloads\esetsmartinstaller_enu.exe
 
Error: (12/03/2014 01:32:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (12/03/2014 01:31:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (12/02/2014 11:49:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Margaret JOH\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/02/2014 08:09:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1869828728-3093472841-3018778326-1000.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e5dac468-7137-44cf-ad9a-245ea5b07b32}
 
Error: (12/02/2014 08:00:40 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1869828728-3093472841-3018778326-1000.bak)0x80070539, The security ID structure is invalid.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bc769e65-bd1c-4613-b88f-20d9d0e6eb86}
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 19:38:29.969
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 19:38:29.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-01 23:58:46.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-01 23:58:46.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-01 23:58:46.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-01 23:58:46.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-01 23:58:46.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-01 23:58:46.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3884.48 MB
Available physical RAM: 1623.07 MB
Total Pagefile: 9708.66 MB
Available Pagefile: 6911.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:157.87 GB) NTFS
Drive e: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=327.8 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
Thanks. Awaiting further instructions.
 
Yes I even used Combofix (!!!) if you think it caused problems and I should do a system restore or something to that effect, let me know. I havent noticed problems, other than that I'm horribly infected. Side note: The spyware I've noted (redirects and widgets) still work in safemode!

Edited by spidergirl79, 03 December 2014 - 11:30 PM.

  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again spidergirl79,

Bit to do in this one but I am sure you can handle it. :)

Firstly

Avira, Avast and AVG are showing in your logs. The AVG one seems to be a minor leftover, the Avira bits and pieces may be leftovers too but are still showing as active. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

You appear to be using Avast so let's remove the others.

Please uninstall:

AVG 2015

and the adware program

ShowPass Smartbar Engine

Step 2

Download and run the Avira removal tool

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

GroupPolicyUsers\S-1-5-21-1869828728-3093472841-3018778326-1000\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
C:\Program Files\Playzy
CHR HKLM-x32\...\Chrome\Extension: [colpjdoahbljmegmngnppjhcmalaldnl] - C:\Users\MARGAR~1\AppData\Local\Temp\colpjdoahbljmegmngnppjhcmalaldnl.crx [Not Found]
AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download : ADWCleaner to your desktop  (use the Download Now @ BleepingComputer button)..

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon. AdwCleaner will update itself and then open.

AdwCleaner.jpg

Click on Scan  and follow the prompts. It may appear not to be doing anything, please be patient and let it run unhindered. When the "Please uncheck elements you don't want to remove" appears just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

After that

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Finally in this post

  • Please run Farbars Recovery Scan Tool again. Double click on FRST64 to open. Allow it to update if it wants to
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

So when you return please post

  • Fixlog.txt
  • AdwCleaner log
  • JRT.txt
  • FRST.txt

 

 


  • 0

#5
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I have already uninstalled AVG 2015...yesterday? I dont see it on my programs list. When I try to uninstall Showpass smartbar engine literally nothing happens at all. Suggestions? When I attempt to install the Avira thing I get 404 not found.

 

ETA: I uninstalled Showpass Smartbar using Revo Uninstaller, that seemed to work. I uninstalled it in the safest mode possible to not screw up anything. Its no longer on my programs list.


Edited by spidergirl79, 04 December 2014 - 03:12 AM.

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Just go ahead with the other actions, AVG and Avira are included in those too.

 

We will see how it goes. :)


  • 0

#7
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Okay so I found the Avira Removal Tool on Softpedia (as the link you provided didn't work) and the scan didn't find anything.

 

Here are the results from the fixlog: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Margaret JOH at 2014-12-04 15:44:09 Run:1
Running from C:\Users\Margaret JOH\Downloads\Desktop
Loaded Profiles: UpdatusUser & Margaret JOH & Guest (Available profiles: UpdatusUser & Margaret JOH & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-1869828728-3093472841-3018778326-1000\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
C:\Program Files\Playzy
CHR HKLM-x32\...\Chrome\Extension: [colpjdoahbljmegmngnppjhcmalaldnl] - C:\Users\MARGAR~1\AppData\Local\Temp\colpjdoahbljmegmngnppjhcmalaldnl.crx [Not Found]
AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AlternateDataStreams: C:\ProgramData\Temp:B1FBBD09
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
EmptyTemp:
*****************
 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1869828728-3093472841-3018778326-1000\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
"HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{121C6AF3-6778-4360-AFDB-57BD4E3E4343} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{121C6AF3-6778-4360-AFDB-57BD4E3E4343} => value deleted successfully.
"C:\Program Files\Playzy" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\colpjdoahbljmegmngnppjhcmalaldnl" => Key deleted successfully.
AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7} => The item is protected. Make sure the software is uninstalled and its services is removed.
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} => The item is protected. Make sure the software is uninstalled and its services is removed.
C:\ProgramData\Temp => ":B1FBBD09" ADS removed successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS removed successfully.
EmptyTemp: => Removed 442.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Next I am going to do the AdwCleaner so I'll be back later to post the results.

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

(as the link you provided didn't work)

 

I checked it before I posted it yesterday and I have just checked it again and it works for me. I don't know why it didn't work for you.

 

 

Next I am going to do the AdwCleaner so I'll be back later to post the results.

 

Look forward to seeing them. :)


  • 0

#9
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

 

 

(as the link you provided didn't work)

 

I checked it before I posted it yesterday and I have just checked it again and it works for me. I don't know why it didn't work for you.

 

 

Next I am going to do the AdwCleaner so I'll be back later to post the results.

 

Look forward to seeing them. :)

 

It was the download link here http://avira-antivir...g/download.html that didn't work for me. I get 404 not found. Oh well, I found it elsewhere. :)

 

Okay so I did the adWcleaner scan and it says "Pending. Please uncheck elements you don't want to remove." Now, there is nothing to remove. I did use this program before coming to this forum for help and it did find and remove things but now it hasn't found anything. Is there nothing to find?

 

# AdwCleaner v4.103 - Report created 01/12/2014 at 04:45:17
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Margaret JOH - MARGARETJOH-PC
# Running from : C:\Users\Margaret JOH\Downloads\adwcleaner_4.103.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [11393 octets] - [01/12/2014 03:04:54]
AdwCleaner[R1].txt - [10227 octets] - [01/12/2014 03:22:27]
AdwCleaner[R2].txt - [10289 octets] - [01/12/2014 03:25:50]
AdwCleaner[R3].txt - [1043 octets] - [01/12/2014 03:51:34]
AdwCleaner[R4].txt - [1057 octets] - [01/12/2014 04:45:17]
AdwCleaner[S0].txt - [10269 octets] - [01/12/2014 03:29:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1178 octets] ##########
# AdwCleaner v4.104 - Report created 04/12/2014 at 16:17:36
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Margaret JOH - MARGARETJOH-PC
# Running from : C:\Users\Margaret JOH\Downloads\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [21911 octets] - [01/12/2014 03:04:54]
AdwCleaner[R1].txt - [11333 octets] - [01/12/2014 03:22:27]
AdwCleaner[R2].txt - [11604 octets] - [01/12/2014 03:25:50]
AdwCleaner[R3].txt - [2357 octets] - [01/12/2014 03:51:34]
AdwCleaner[R4].txt - [2164 octets] - [01/12/2014 04:45:17]
AdwCleaner[S0].txt - [20593 octets] - [01/12/2014 03:29:18]
AdwCleaner[S1].txt - [1166 octets] - [02/12/2014 19:14:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2345 octets] ##########
 

 

Results of the Junkware removal tool: (Ive used this before and it cleared stuff, but again that was before I came to this forum. Now it doesnt appear to find anything)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Margaret JOH on 04/12/2014 at 16:11:48.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/12/2014 at 16:15:58.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by spidergirl79, 04 December 2014 - 06:19 PM.

  • 0

#10
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Wow I just tried to watch a video on global news and literally got a browser redirect from youradexchange. Is still literally infecting my computer. I'm not sure if utop.it is gone, i feel like that was a separate infection...


  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

It was the download link here http://avira-antivir...g/download.html that didn't work for me. I get 404 not found.

 
Looks like you didn't use the link I provided in the instructions lol; this one:
 
Avira removal tool
 

We may have some more work to do with Avira as well as the adware.

 

Meanwhile I look forward to seeing the new scan from FRST that I asked for. :)

 

Edit

 

I have just caught up with your last reply. Please don't use the internet for browsing while we are working to clean your machine. It only increases the risk of an active malicious file reinfecting your browsers.


  • 0

#12
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

 

It was the download link here http://avira-antivir...g/download.html that didn't work for me. I get 404 not found.

 
Looks like you didn't use the link I provided in the instructions lol; this one:
 
Avira removal tool
 

We may have some more work to do with Avira as well as the adware.

 

Meanwhile I look forward to seeing the new scan from FRST that I asked for. :)

 

Edit

 

I have just caught up with your last reply. Please don't use the internet for browsing while we are working to clean your machine. It only increases the risk of an active malicious file reinfecting your browsers.

 

 

Sorry bout that! I will not use it. (The Avira download link opens a new tab to download it, when i hit download, thats where I get the 404 not found)

 

Here is my new FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Margaret JOH (administrator) on MARGARETJOH-PC on 04-12-2014 16:39:11
Running from C:\Users\Margaret JOH\Downloads\Desktop
Loaded Profile: Margaret JOH (Available profiles: UpdatusUser & Margaret JOH & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Windows\SysWOW64\Tablet.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(wifimouse.necta.us) C:\Program Files (x86)\MouseServer\MouseServer.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-08] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-01-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe [5244712 2014-11-06] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [242688 2014-10-14] (wifimouse.necta.us)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1869828728-3093472841-3018778326-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab
DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: linkscanner - No CLSID Value
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: [NameServer] 31.168.224.106,5.135.12.52
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margaret JOH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: facebook.com/fbDesktopPlugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-02]
CHR Extension: (Avast Online Security) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-27] () [File not signed]
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-03] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-05] () [File not signed]
R2 TabletService; C:\Windows\SysWOW64\Tablet.exe [548864 2002-03-19] (Wacom Technology, Corp.) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-03] (Avira GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 PenClass; C:\Windows\SysWOW64\Drivers\PenClass.sys [8138 2001-04-09] (Wacom Technology Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 15:54 - 2014-12-04 16:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-04 01:17 - 2014-12-04 01:17 - 00367104 _____ (Avira GmbH) C:\Users\Margaret JOH\Downloads\removaltool-win32-en.exe
2014-12-04 01:08 - 2014-12-04 01:08 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-04 01:08 - 2014-12-04 01:08 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-04 01:08 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-04 01:07 - 2014-12-04 01:08 - 10691640 _____ (VS Revo Group ) C:\Users\Margaret JOH\Downloads\RevoUninProSetup.exe
2014-12-03 21:15 - 2014-12-04 16:39 - 00000000 ____D () C:\FRST
2014-12-02 22:57 - 2014-12-02 22:57 - 02347384 _____ (ESET) C:\Users\Margaret JOH\Downloads\esetsmartinstaller_enu.exe
2014-12-02 22:57 - 2014-12-02 22:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 20:28 - 2014-12-02 20:28 - 00063266 _____ () C:\Users\Margaret JOH\Downloads\Extras.Txt
2014-12-02 20:27 - 2014-12-02 20:27 - 00123450 _____ () C:\Users\Margaret JOH\Downloads\OTL.Txt
2014-12-02 20:18 - 2014-12-02 20:18 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL (1).exe
2014-12-02 20:10 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-02 20:05 - 2014-12-02 20:05 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL.exe
2014-12-02 20:04 - 2014-12-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-02 20:04 - 2014-12-02 20:04 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-02 20:04 - 2014-12-02 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-02 20:04 - 2014-12-02 20:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-02 20:03 - 2014-12-02 20:04 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-02 20:03 - 2014-12-02 20:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-02 20:03 - 2014-12-02 20:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-02 19:59 - 2014-12-02 20:00 - 05006864 _____ (AVAST Software) C:\Users\Margaret JOH\Downloads\avast_free_antivirus_setup_online.exe
2014-12-02 19:40 - 2014-12-02 19:40 - 00022917 _____ () C:\ComboFix.txt
2014-12-02 19:29 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-02 19:29 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-02 19:29 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-02 19:28 - 2014-12-02 19:40 - 00000000 ____D () C:\Qoobox
2014-12-02 19:27 - 2014-12-02 19:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-02 19:26 - 2014-12-02 19:26 - 05600127 ____R (Swearware) C:\Users\Margaret JOH\Downloads\ComboFix.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill64.exe
2014-12-02 18:56 - 2014-12-02 18:56 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVG2015
2014-12-02 18:48 - 2014-12-03 10:01 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-02 18:44 - 2014-12-02 19:03 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Avg2015
2014-12-02 18:27 - 2014-12-02 18:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 18:26 - 2014-12-02 18:27 - 01707646 _____ (Thisisu) C:\Users\Margaret JOH\Downloads\JRT.exe
2014-12-02 17:45 - 2014-12-04 15:46 - 00010518 _____ () C:\Windows\PFRO.log
2014-12-02 17:18 - 2014-12-02 17:18 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Aimersoft
2014-12-02 17:14 - 2014-12-04 15:46 - 00000448 _____ () C:\Windows\setupact.log
2014-12-02 17:14 - 2014-12-02 17:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-02 16:33 - 2014-12-04 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VS Revo Group
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-01 18:22 - 2014-12-02 16:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-01 18:22 - 2014-12-01 18:22 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-01 16:02 - 2014-12-01 16:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVAST Software
2014-12-01 15:58 - 2014-12-01 15:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-01 15:57 - 2014-12-01 15:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-01 13:19 - 2014-12-01 13:20 - 00014021 _____ () C:\Users\Margaret JOH\Downloads\hijackthis.log
2014-12-01 12:26 - 2014-12-01 12:26 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\LavasoftStatistics
2014-12-01 06:06 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 04:16 - 2014-12-01 04:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-01 03:04 - 2014-12-04 16:19 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:16 - 2014-11-30 18:16 - 00099564 _____ () C:\Users\Margaret JOH\Documents\cc_20141130_181617.reg
2014-11-30 18:06 - 2014-11-30 18:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500.exe
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500 (1).exe
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 __SHD () C:\aws
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 ____D () C:\Asus WebStorage
2014-11-28 11:38 - 2014-12-04 15:48 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\WebStorage
2014-11-28 11:38 - 2014-11-28 11:38 - 00000000 ____D () C:\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00001248 _____ () C:\Users\Public\Desktop\WebStorage.lnk
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\ASUS WebStorage
2014-11-28 11:36 - 2014-11-28 11:36 - 12756088 _____ (ASUS Cloud Corporation) C:\Users\Margaret JOH\Downloads\ASUSWebStorageSyncAgent2.1.15.438.exe
2014-11-28 11:32 - 2014-11-28 11:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\temp
2014-11-25 21:15 - 2014-11-25 21:15 - 00377743 _____ () C:\Users\Margaret JOH\Downloads\MTS_SnowWhiteCharming_1019799_AudreyHepburn.zip
2014-11-25 02:21 - 2014-11-25 02:21 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-11-25 02:15 - 2014-11-25 02:15 - 00000000 _____ () C:\Windows\SysWOW64\shoF4B7.tmp
2014-11-24 00:00 - 2014-11-24 00:23 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Origin
2014-11-23 23:40 - 2014-11-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-23 23:40 - 2014-11-23 23:40 - 00000945 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-11-23 23:40 - 2014-11-23 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-23 23:03 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-11-23 23:02 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-11-23 23:02 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-11-23 23:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-11-23 23:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-11-23 23:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-11-23 23:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-11-23 23:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-11-23 23:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-11-23 23:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-11-23 23:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-11-23 23:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-11-23 23:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-11-23 23:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-11-23 23:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-11-23 22:46 - 2014-11-23 23:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-23 01:23 - 2014-11-23 01:23 - 00003140 _____ () C:\Windows\System32\Tasks\{7FDCD1BE-69AF-4100-9284-739FDC989639}
2014-11-23 00:54 - 2014-11-23 00:54 - 00000000 ___HD () C:\Users\Margaret JOH\AppData\Roaming\GoldenGate
2014-11-23 00:53 - 2014-11-23 00:53 - 00001816 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-11-23 00:53 - 2014-11-23 00:53 - 00000178 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-11-23 00:52 - 2014-11-23 00:52 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\GameOff
2014-11-23 00:51 - 2014-11-23 00:51 - 00000000 ____D () C:\ProgramData\cPfTJEb
2014-11-23 00:50 - 2014-11-25 02:15 - 00000000 ____D () C:\Program Files\010
2014-11-23 00:50 - 2014-11-23 00:58 - 00000000 ____D () C:\Program Files\9E72B442-9400-4E1B-BF02-37F42BF96F36
2014-11-23 00:50 - 2014-11-23 00:50 - 00000045 _____ () C:\user.js
2014-11-23 00:49 - 2014-11-23 00:49 - 00000000 ____D () C:\Users\Margaret JOH\Sims 4
2014-11-23 00:46 - 2014-11-23 00:46 - 00468541 _____ () C:\Users\Margaret JOH\Downloads\The-Sims-4.rar
2014-11-23 00:35 - 2014-11-23 00:35 - 00003486 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-11-23 00:35 - 2014-11-23 00:35 - 00003220 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2014-11-22 17:48 - 2014-12-02 17:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-15 23:02 - 2014-11-15 23:02 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-15 23:02 - 2014-11-15 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-15 23:02 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-11-15 23:01 - 2014-12-02 17:11 - 00000000 ____D () C:\Program Files\iPod
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-15 20:43 - 2014-12-02 17:12 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-11-15 20:43 - 2014-11-30 17:56 - 00000000 ____D () C:\ProgramData\Aimersoft
2014-11-15 20:43 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2014-11-15 20:43 - 2013-03-25 10:46 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2014-11-15 20:42 - 2014-12-02 17:13 - 00000000 ____D () C:\Users\Public\Documents\Aimersoft
2014-11-09 21:50 - 2014-11-09 21:50 - 00011942 _____ () C:\Users\Margaret JOH\Documents\cc_20141109_215028.reg
2014-11-09 21:29 - 2014-11-09 21:29 - 00079200 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2014-11-09 21:29 - 2014-11-09 21:29 - 00062845 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_x86_neutral_db87d184bc84f910.zip
2014-11-09 21:26 - 2014-11-30 17:56 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 16:30 - 2011-05-02 18:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 16:28 - 2012-12-11 13:41 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
2014-12-04 16:28 - 2012-12-11 13:41 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
2014-12-04 15:59 - 2012-08-05 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 15:53 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 15:53 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 15:49 - 2010-11-08 19:56 - 01804193 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 15:46 - 2012-01-24 22:02 - 00000318 _____ () C:\Windows\SysWOW64\wacom.dat
2014-12-04 15:46 - 2011-05-02 18:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 15:46 - 2011-03-12 17:27 - 00000008 __RSH () C:\Users\Margaret JOH\ntuser.pol
2014-12-04 15:46 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH
2014-12-04 15:46 - 2010-11-08 20:49 - 00000000 ____D () C:\Program Files\P4G
2014-12-04 15:46 - 2010-11-08 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-04 15:46 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 15:44 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-03 23:05 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 21:12 - 2010-11-08 20:49 - 00001582 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-03 10:01 - 2012-02-25 00:17 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-03 10:01 - 2012-02-25 00:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-02 22:49 - 2014-05-16 18:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 19:54 - 2012-05-14 17:11 - 00000000 ____D () C:\$AVG
2014-12-02 19:49 - 2011-03-31 14:08 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\uTorrent
2014-12-02 19:40 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default
2014-12-02 19:39 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-02 19:16 - 2011-03-12 16:11 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-12-02 17:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 17:13 - 2014-08-06 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-02 17:13 - 2014-05-19 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-02 17:13 - 2014-05-19 13:48 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\ProductData
2014-12-02 17:13 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP
2014-12-02 17:13 - 2013-03-08 19:31 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2014-12-02 17:13 - 2013-02-14 11:33 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-12-02 17:13 - 2012-08-22 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-02 17:13 - 2012-04-10 12:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Facebook
2014-12-02 17:13 - 2011-03-19 18:59 - 00000000 ____D () C:\Users\Guest
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-02 17:13 - 2010-11-08 20:51 - 00000000 ____D () C:\ExpressGateUtil
2014-12-02 17:13 - 2010-11-08 20:49 - 00000000 ____D () C:\ProgramData\P4G
2014-12-02 17:13 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\ShellNew
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-12-02 17:12 - 2013-02-14 11:33 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-12-02 17:12 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VirtualStore
2014-12-02 17:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-12-02 17:11 - 2014-05-19 13:46 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-02 17:11 - 2012-09-23 21:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-02 17:11 - 2012-07-01 22:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-02 17:11 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Mozilla
2014-12-02 17:11 - 2011-03-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-02 17:11 - 2010-11-08 20:48 - 00000000 ____D () C:\Program Files\Intel
2014-12-02 17:11 - 2010-11-08 20:47 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:35 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-02 17:11 - 2010-11-08 20:28 - 00000000 ____D () C:\Program Files (x86)\syncables
2014-12-02 17:11 - 2010-11-08 20:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-02 17:11 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-02 17:10 - 2014-08-12 12:59 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-02 17:10 - 2011-03-12 20:58 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-02 17:10 - 2010-11-08 20:25 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-12-02 17:10 - 2010-11-08 20:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-02 17:10 - 2010-11-08 20:05 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 16:22 - 2013-02-14 11:33 - 00000000 ____D () C:\BigFishGamesCache
2014-12-01 20:52 - 2014-09-01 00:18 - 00000935 _____ () C:\Users\Margaret JOH\AppData\Roaming\COFA
2014-12-01 04:38 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Mozilla
2014-12-01 02:21 - 2013-11-07 14:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-28 11:37 - 2010-11-08 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-28 11:33 - 2011-03-12 16:17 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Asus WebStorage
2014-11-28 10:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-26 07:59 - 2012-08-05 22:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 07:59 - 2012-03-30 22:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 07:59 - 2011-05-15 23:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 03:38 - 2009-07-13 21:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 22:36 - 2014-05-19 15:26 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 02:21 - 2011-03-12 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-25 02:20 - 2011-03-12 20:58 - 00000000 ____D () C:\ProgramData\Avira
2014-11-24 22:14 - 2009-07-28 21:20 - 00000000 ____D () C:\Windows\ABLKSR
2014-11-24 20:27 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Origin
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-11-24 00:32 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-24 00:23 - 2011-10-25 00:42 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Origin
2014-11-23 01:58 - 2011-03-12 16:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-23 01:27 - 2010-11-08 20:49 - 00002784 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-11-22 22:53 - 2014-05-19 13:47 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-22 17:49 - 2014-04-22 03:23 - 00000000 ____D () C:\Users\Margaret JOH\Documents\Electronic Arts
2014-11-15 23:01 - 2011-03-12 21:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-15 20:01 - 2007-11-19 23:41 - 00000000 ____D () C:\Users\Margaret JOH\Shared
2014-11-12 13:25 - 2011-05-02 18:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 13:25 - 2011-05-02 18:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-09 22:01 - 2014-08-28 02:08 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 21:49 - 2011-06-07 02:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-09 19:27 - 2014-08-12 13:00 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\DivX
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 03:16
 
==================== End Of Log ============================

  • 0

#13
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

I tried to check my hotmail on this computer a few days ago and it said "Your browser is not secure someone could be  ..." or something to that affect. Then I tried to check my hotmail just now on my TABLET and I got the same message. Don't know if this is relevant to my problem but I thought I'd let you know.


  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Question:
 
Do you know about these entries:
 
Tcpip\..\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: [NameServer] 31.168.224.106,5.135.12.52
 
When I check it I get:
 
NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] 

 

or

 

an IP somewhere in France.

 

Does that make sense to you?

 

Edit

 

I have just discovered another return for Israel maybe that makes sense?


  • 1

#15
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Literally makes no sense to me, I live in Canada. I recently TRIED and removed that browser-add on called Hola, which lets you access blocked sites through proxies, but I decided maybe it was unsafe and it annoyed me so I got rid of it. I have literally no clue why you'd find anything from France or Isreal in there! Should I be scanning the other computer in our house for problems? I dont think its used as often as mine.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP