
Several infections [Solved]


  • This topic is locked

#16
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again spidergirl79,
 

That's where I get the 404 not found


Hmm... I will check that out. Haven't used it in a while, why I checked out the initial link. Looks as if it has died lol.

Literally makes no sense to me, I live in Canada. I recently TRIED and removed that browser add-on called Hola, which lets you access blocked sites through proxies, but I decided maybe it was unsafe and it annoyed me so I got rid of it. I have literally no clue why you'd find anything from France or Israel in there! Should I be scanning the other computer in our house for problems? I don't think it's used as often as mine.

 

It looks suspicious and part of it (the French bit) was reported as blacklisted at one point.

 

I will remove it and see if that makes a difference.

 

 

Should I be scanning the other computer in our house for problems?

 

We could check it out later but unless it is experiencing redirects it's probably confined to your machine.

 

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-01-10] ()
CHR Extension: (Avira Browser Safety) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-02]
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL =
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\..\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: [NameServer] 31.168.224.106,5.135.12.52
C:\Program Files (x86)\AVG
DisableService: AntiVirSchedulerService
DisableService: AntiVirService
C:\Program Files (x86)\Avira
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please run a scan with FRST again but this time please tick (check) the box Shortcut.txt before you press scan.

When you return please post

  • Fixlog.txt
  • FRST.txt

 


  • 1
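
Added example, not part of the post above and not FRST's own code: a small checker that reads the DNS lines of an FRST.txt log and flags statically configured public resolvers, which is the condition the fixlist above removes. The function names, the allowlist parameter and the "static public resolver" heuristic are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
"""Flag static public DNS resolvers in the Internet section of an FRST.txt log."""
import ipaddress
import re
from dataclasses import dataclass

# Matches the two DNS line shapes that appear in this thread's logs:
#   Tcpip\..\Interfaces\{GUID}: [NameServer] a.b.c.d,e.f.g.h   (static, per adapter)
#   Tcpip\Parameters: [DhcpNameServer] a.b.c.d                 (handed out by DHCP)
DNS_LINE = re.compile(
    r"^Tcpip\\(?:\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\})|Parameters)"
    r":\s*\[(?P<name>NameServer|DhcpNameServer)\]\s*(?P<servers>\S.*)$"
)

# Lines copied from the fixlist in post #16 (static resolvers on two adapters).
# The DhcpNameServer line is taken from the later FRST.txt; that it was the same
# before the fix is an assumption of this example.
SAMPLE_BEFORE = r"""
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\..\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
"""

# DNS lines as they appear in the FRST.txt posted after the fix.
SAMPLE_AFTER = r"""
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
"""


@dataclass(frozen=True)
class Finding:
    interface: str  # adapter GUID, or "global" for Tcpip\Parameters
    server: str     # the resolver exactly as written in the log
    reason: str


def parse_dns_lines(log_text):
    """Yield (interface, value_name, [servers]) for every DNS line in the log."""
    for raw in log_text.splitlines():
        match = DNS_LINE.match(raw.strip())
        if not match:
            continue
        # The registry value may separate servers with commas or spaces.
        servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
        yield match.group("guid") or "global", match.group("name"), servers


def suspect_static_dns(log_text, trusted=frozenset()):
    """Return a Finding for each static resolver that deserves a second look.

    Heuristic (an assumption of this example): on a DHCP-configured home
    machine, a static NameServer that is a public address, is not the
    DHCP-supplied resolver and is not on the caller's allowlist is unexpected.
    """
    entries = list(parse_dns_lines(log_text))
    dhcp_servers = {
        s for _, name, servers in entries if name == "DhcpNameServer" for s in servers
    }
    findings = []
    for interface, name, servers in entries:
        if name != "NameServer":
            continue
        for server in servers:
            if server in trusted or server in dhcp_servers:
                continue
            try:
                address = ipaddress.ip_address(server)
            except ValueError:
                # A value that is not an IP at all is itself worth reporting.
                findings.append(Finding(interface, server, "not a valid IP address"))
                continue
            if address.is_global:
                findings.append(
                    Finding(interface, server, "static public resolver not on allowlist")
                )
    return findings


if __name__ == "__main__":
    for label, text in (("before fix", SAMPLE_BEFORE), ("after fix", SAMPLE_AFTER)):
        results = suspect_static_dns(text)
        print(f"{label}: {len(results)} finding(s)")
        for item in results:
            print(f"  {item.interface} -> {item.server} ({item.reason})")
```

Pass resolvers you set on purpose through `trusted` so they are not reported.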



#17
spidergirl79

    Member

  • Topic Starter
  • 22 posts

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Margaret JOH at 2014-12-04 18:24:18 Run:2
Running from C:\Users\Margaret JOH\Downloads\Desktop
Loaded Profile: Margaret JOH (Available profiles: UpdatusUser & Margaret JOH & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-01-10] ()
CHR Extension: (Avira Browser Safety) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-02]
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2405} URL =
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\..\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: [NameServer] 31.168.224.106,5.135.12.52
C:\Program Files (x86)\AVG
DisableService: AntiVirSchedulerService
DisableService: AntiVirService
C:\Program Files (x86)\Avira
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt  
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\avgnt => value deleted successfully.
C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => value deleted successfully.
"HKCR\PROTOCOLS\Handler\Handler: WSAMVCUchrome - No CLSID Value" => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}\\NameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}\\NameServer => value deleted successfully.
C:\Program Files (x86)\AVG => Moved successfully.
AntiVirSchedulerService service could not be disabled
AntiVirService service could not be disabled
C:\Program Files (x86)\Avira => Moved successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : vs.shawcable.net
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::c53f:be00:664:f47%10
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter Reusable ISATAP Interface {DC238701-6061-49C0-B27E-1D612A98EB28}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1082:f24:3f57:ff9b
   Link-local IPv6 Address . . . . . : fe80::1082:f24:3f57:ff9b%18
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.{1A12B70C-F1EF-4494-860A-4CE4FBAEBB70}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : vs.shawcable.net
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : vs.shawcable.net
   Link-local IPv6 Address . . . . . : fe80::c53f:be00:664:f47%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Tunnel adapter Reusable ISATAP Interface {DC238701-6061-49C0-B27E-1D612A98EB28}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : vs.shawcable.net
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1082:f24:3f57:ff9b
   Link-local IPv6 Address . . . . . : fe80::1082:f24:3f57:ff9b%18
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.{1A12B70C-F1EF-4494-860A-4CE4FBAEBB70}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 50.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
and FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Margaret JOH (administrator) on MARGARETJOH-PC on 04-12-2014 18:31:12
Running from C:\Users\Margaret JOH\Downloads\Desktop
Loaded Profile: Margaret JOH (Available profiles: UpdatusUser & Margaret JOH & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Windows\SysWOW64\Tablet.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(wifimouse.necta.us) C:\Program Files (x86)\MouseServer\MouseServer.exe
(ASUS) C:\Windows\AsScrPro.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-08] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe [5244712 2014-11-06] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [242688 2014-10-14] (wifimouse.necta.us)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1869828728-3093472841-3018778326-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab
DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: linkscanner - No CLSID Value
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margaret JOH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: facebook.com/fbDesktopPlugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-19]
CHR Extension: (Avast Online Security) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-05] () [File not signed]
R2 TabletService; C:\Windows\SysWOW64\Tablet.exe [548864 2002-03-19] (Wacom Technology, Corp.) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-03] (Avira GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 PenClass; C:\Windows\SysWOW64\Drivers\PenClass.sys [8138 2001-04-09] (Wacom Technology Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 15:54 - 2014-12-04 16:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-04 01:17 - 2014-12-04 01:17 - 00367104 _____ (Avira GmbH) C:\Users\Margaret JOH\Downloads\removaltool-win32-en.exe
2014-12-04 01:08 - 2014-12-04 01:08 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-04 01:08 - 2014-12-04 01:08 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-04 01:08 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-04 01:07 - 2014-12-04 01:08 - 10691640 _____ (VS Revo Group ) C:\Users\Margaret JOH\Downloads\RevoUninProSetup.exe
2014-12-03 21:15 - 2014-12-04 18:31 - 00000000 ____D () C:\FRST
2014-12-02 22:57 - 2014-12-02 22:57 - 02347384 _____ (ESET) C:\Users\Margaret JOH\Downloads\esetsmartinstaller_enu.exe
2014-12-02 22:57 - 2014-12-02 22:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 20:28 - 2014-12-02 20:28 - 00063266 _____ () C:\Users\Margaret JOH\Downloads\Extras.Txt
2014-12-02 20:27 - 2014-12-02 20:27 - 00123450 _____ () C:\Users\Margaret JOH\Downloads\OTL.Txt
2014-12-02 20:18 - 2014-12-02 20:18 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL (1).exe
2014-12-02 20:10 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-02 20:05 - 2014-12-02 20:05 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL.exe
2014-12-02 20:04 - 2014-12-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-02 20:04 - 2014-12-02 20:04 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-02 20:04 - 2014-12-02 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-02 20:04 - 2014-12-02 20:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-02 20:03 - 2014-12-02 20:04 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-02 20:03 - 2014-12-02 20:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-02 20:03 - 2014-12-02 20:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-02 19:59 - 2014-12-02 20:00 - 05006864 _____ (AVAST Software) C:\Users\Margaret JOH\Downloads\avast_free_antivirus_setup_online.exe
2014-12-02 19:40 - 2014-12-02 19:40 - 00022917 _____ () C:\ComboFix.txt
2014-12-02 19:29 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-02 19:29 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-02 19:29 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-02 19:28 - 2014-12-02 19:40 - 00000000 ____D () C:\Qoobox
2014-12-02 19:27 - 2014-12-02 19:39 - 00000000 ____D () C:\Windows\erdnt
2014-12-02 19:26 - 2014-12-02 19:26 - 05600127 ____R (Swearware) C:\Users\Margaret JOH\Downloads\ComboFix.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill64.exe
2014-12-02 18:56 - 2014-12-02 18:56 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVG2015
2014-12-02 18:48 - 2014-12-03 10:01 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-02 18:44 - 2014-12-02 19:03 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Avg2015
2014-12-02 18:27 - 2014-12-02 18:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 18:26 - 2014-12-02 18:27 - 01707646 _____ (Thisisu) C:\Users\Margaret JOH\Downloads\JRT.exe
2014-12-02 17:45 - 2014-12-04 15:46 - 00010518 _____ () C:\Windows\PFRO.log
2014-12-02 17:18 - 2014-12-02 17:18 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Aimersoft
2014-12-02 17:14 - 2014-12-04 18:25 - 00000504 _____ () C:\Windows\setupact.log
2014-12-02 17:14 - 2014-12-02 17:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-02 16:33 - 2014-12-04 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VS Revo Group
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-01 18:22 - 2014-12-02 16:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-01 18:22 - 2014-12-01 18:22 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-01 16:02 - 2014-12-01 16:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVAST Software
2014-12-01 15:58 - 2014-12-01 15:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-01 15:57 - 2014-12-01 15:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-01 13:19 - 2014-12-01 13:20 - 00014021 _____ () C:\Users\Margaret JOH\Downloads\hijackthis.log
2014-12-01 12:26 - 2014-12-01 12:26 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\LavasoftStatistics
2014-12-01 06:06 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 04:16 - 2014-12-01 04:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-01 03:04 - 2014-12-04 16:19 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:16 - 2014-11-30 18:16 - 00099564 _____ () C:\Users\Margaret JOH\Documents\cc_20141130_181617.reg
2014-11-30 18:06 - 2014-11-30 18:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500.exe
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500 (1).exe
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 __SHD () C:\aws
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 ____D () C:\Asus WebStorage
2014-11-28 11:38 - 2014-12-04 18:28 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\WebStorage
2014-11-28 11:38 - 2014-11-28 11:38 - 00000000 ____D () C:\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00001248 _____ () C:\Users\Public\Desktop\WebStorage.lnk
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\ASUS WebStorage
2014-11-28 11:36 - 2014-11-28 11:36 - 12756088 _____ (ASUS Cloud Corporation) C:\Users\Margaret JOH\Downloads\ASUSWebStorageSyncAgent2.1.15.438.exe
2014-11-28 11:32 - 2014-11-28 11:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\temp
2014-11-25 21:15 - 2014-11-25 21:15 - 00377743 _____ () C:\Users\Margaret JOH\Downloads\MTS_SnowWhiteCharming_1019799_AudreyHepburn.zip
2014-11-25 02:21 - 2014-11-25 02:21 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-11-25 02:15 - 2014-11-25 02:15 - 00000000 _____ () C:\Windows\SysWOW64\shoF4B7.tmp
2014-11-24 00:00 - 2014-11-24 00:23 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Origin
2014-11-23 23:40 - 2014-11-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-23 23:40 - 2014-11-23 23:40 - 00000945 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-11-23 23:40 - 2014-11-23 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-23 23:03 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-11-23 23:02 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-11-23 23:02 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-11-23 23:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-11-23 23:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-11-23 23:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-11-23 23:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-11-23 23:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-11-23 23:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-11-23 23:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-11-23 23:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-11-23 23:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-11-23 23:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-11-23 23:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-11-23 23:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-11-23 22:46 - 2014-11-23 23:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-23 01:23 - 2014-11-23 01:23 - 00003140 _____ () C:\Windows\System32\Tasks\{7FDCD1BE-69AF-4100-9284-739FDC989639}
2014-11-23 00:54 - 2014-11-23 00:54 - 00000000 ___HD () C:\Users\Margaret JOH\AppData\Roaming\GoldenGate
2014-11-23 00:53 - 2014-11-23 00:53 - 00001816 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-11-23 00:53 - 2014-11-23 00:53 - 00000178 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-11-23 00:52 - 2014-11-23 00:52 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\GameOff
2014-11-23 00:51 - 2014-11-23 00:51 - 00000000 ____D () C:\ProgramData\cPfTJEb
2014-11-23 00:50 - 2014-11-25 02:15 - 00000000 ____D () C:\Program Files\010
2014-11-23 00:50 - 2014-11-23 00:58 - 00000000 ____D () C:\Program Files\9E72B442-9400-4E1B-BF02-37F42BF96F36
2014-11-23 00:50 - 2014-11-23 00:50 - 00000045 _____ () C:\user.js
2014-11-23 00:49 - 2014-11-23 00:49 - 00000000 ____D () C:\Users\Margaret JOH\Sims 4
2014-11-23 00:46 - 2014-11-23 00:46 - 00468541 _____ () C:\Users\Margaret JOH\Downloads\The-Sims-4.rar
2014-11-23 00:35 - 2014-11-23 00:35 - 00003486 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-11-23 00:35 - 2014-11-23 00:35 - 00003220 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2014-11-22 17:48 - 2014-12-02 17:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-15 23:02 - 2014-11-15 23:02 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-15 23:02 - 2014-11-15 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-15 23:02 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-11-15 23:01 - 2014-12-02 17:11 - 00000000 ____D () C:\Program Files\iPod
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-15 20:43 - 2014-12-02 17:12 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-11-15 20:43 - 2014-11-30 17:56 - 00000000 ____D () C:\ProgramData\Aimersoft
2014-11-15 20:43 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2014-11-15 20:43 - 2013-03-25 10:46 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2014-11-15 20:42 - 2014-12-02 17:13 - 00000000 ____D () C:\Users\Public\Documents\Aimersoft
2014-11-09 21:50 - 2014-11-09 21:50 - 00011942 _____ () C:\Users\Margaret JOH\Documents\cc_20141109_215028.reg
2014-11-09 21:29 - 2014-11-09 21:29 - 00079200 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2014-11-09 21:29 - 2014-11-09 21:29 - 00062845 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_x86_neutral_db87d184bc84f910.zip
2014-11-09 21:26 - 2014-11-30 17:56 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 18:30 - 2011-05-02 18:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 18:27 - 2011-03-12 16:11 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-12-04 18:27 - 2010-11-08 20:49 - 00002888 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-12-04 18:26 - 2012-01-24 22:02 - 00000318 _____ () C:\Windows\SysWOW64\wacom.dat
2014-12-04 18:26 - 2011-05-02 18:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 18:26 - 2010-11-08 20:49 - 00000000 ____D () C:\Program Files\P4G
2014-12-04 18:26 - 2010-11-08 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-04 18:26 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 18:25 - 2010-11-08 19:56 - 01808023 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 17:59 - 2012-08-05 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 16:28 - 2012-12-11 13:41 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
2014-12-04 16:28 - 2012-12-11 13:41 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
2014-12-04 15:53 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 15:53 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 15:46 - 2011-03-12 17:27 - 00000008 __RSH () C:\Users\Margaret JOH\ntuser.pol
2014-12-04 15:46 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH
2014-12-04 15:44 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-03 23:05 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-03 21:12 - 2010-11-08 20:49 - 00001582 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-03 10:01 - 2012-02-25 00:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-02 22:49 - 2014-05-16 18:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 19:54 - 2012-05-14 17:11 - 00000000 ____D () C:\$AVG
2014-12-02 19:49 - 2011-03-31 14:08 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\uTorrent
2014-12-02 19:40 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default
2014-12-02 19:39 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-02 17:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 17:13 - 2014-08-06 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-02 17:13 - 2014-05-19 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-02 17:13 - 2014-05-19 13:48 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\ProductData
2014-12-02 17:13 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP
2014-12-02 17:13 - 2013-03-08 19:31 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2014-12-02 17:13 - 2013-02-14 11:33 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-12-02 17:13 - 2012-08-22 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-02 17:13 - 2012-04-10 12:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Facebook
2014-12-02 17:13 - 2011-03-19 18:59 - 00000000 ____D () C:\Users\Guest
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-02 17:13 - 2010-11-08 20:51 - 00000000 ____D () C:\ExpressGateUtil
2014-12-02 17:13 - 2010-11-08 20:49 - 00000000 ____D () C:\ProgramData\P4G
2014-12-02 17:13 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\ShellNew
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-12-02 17:12 - 2013-02-14 11:33 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-12-02 17:12 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VirtualStore
2014-12-02 17:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-12-02 17:11 - 2014-05-19 13:46 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-02 17:11 - 2012-09-23 21:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-02 17:11 - 2012-07-01 22:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-02 17:11 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Mozilla
2014-12-02 17:11 - 2011-03-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-02 17:11 - 2010-11-08 20:48 - 00000000 ____D () C:\Program Files\Intel
2014-12-02 17:11 - 2010-11-08 20:47 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:35 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-02 17:11 - 2010-11-08 20:28 - 00000000 ____D () C:\Program Files (x86)\syncables
2014-12-02 17:11 - 2010-11-08 20:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-02 17:11 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-02 17:10 - 2014-08-12 12:59 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-02 17:10 - 2010-11-08 20:25 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-12-02 17:10 - 2010-11-08 20:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-02 17:10 - 2010-11-08 20:05 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 16:22 - 2013-02-14 11:33 - 00000000 ____D () C:\BigFishGamesCache
2014-12-01 20:52 - 2014-09-01 00:18 - 00000935 _____ () C:\Users\Margaret JOH\AppData\Roaming\COFA
2014-12-01 04:38 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Mozilla
2014-12-01 02:21 - 2013-11-07 14:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-28 11:37 - 2010-11-08 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-28 11:33 - 2011-03-12 16:17 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Asus WebStorage
2014-11-28 10:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-26 07:59 - 2012-08-05 22:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 07:59 - 2012-03-30 22:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 07:59 - 2011-05-15 23:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 03:38 - 2009-07-13 21:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 22:36 - 2014-05-19 15:26 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 02:21 - 2011-03-12 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-25 02:20 - 2011-03-12 20:58 - 00000000 ____D () C:\ProgramData\Avira
2014-11-24 22:14 - 2009-07-28 21:20 - 00000000 ____D () C:\Windows\ABLKSR
2014-11-24 20:27 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Origin
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-11-24 00:32 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-24 00:23 - 2011-10-25 00:42 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Origin
2014-11-23 01:58 - 2011-03-12 16:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-22 22:53 - 2014-05-19 13:47 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-22 17:49 - 2014-04-22 03:23 - 00000000 ____D () C:\Users\Margaret JOH\Documents\Electronic Arts
2014-11-15 23:01 - 2011-03-12 21:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-15 20:01 - 2007-11-19 23:41 - 00000000 ____D () C:\Users\Margaret JOH\Shared
2014-11-12 13:25 - 2011-05-02 18:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 13:25 - 2011-05-02 18:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-09 22:01 - 2014-08-28 02:08 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 21:49 - 2011-06-07 02:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-09 19:27 - 2014-08-12 13:00 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\DivX
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 03:16
 
==================== End Of Log ============================


#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello again spidergirl79,

Assuming you still have ComboFix on your machine, please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:
 

KillAll::

Driver::
avgntflt
avipbb
AntiVirSchedulerService
AntiVirService

File::
C:\Windows\System32\DRIVERS\avgntflt.sys
C:\Windows\System32\DRIVERS\avipbb.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

 



#19
spidergirl79

    Member

  • Topic Starter
  • 22 posts

I encountered some errors when running ComboFix; it said "unable to create a back up of the current registry file C:\Windows\System32\Config\SYSTEM ! Continue to restore this file?"

I clicked yes; it could not. This happened with several other files afterward. When it rebooted and I went to open the log file, it said some illegal operation occurred and Windows appeared to flicker, but I was still able to open it:

 

ComboFix 14-12-04.01 - Margaret JOH 04/12/2014  19:35:42.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3884.1497 [GMT -8:00]
Running from: c:\users\Margaret JOH\Downloads\ComboFix.exe
Command switches used :: c:\users\Margaret JOH\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\DRIVERS\avgntflt.sys"
"c:\windows\System32\DRIVERS\avipbb.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AntiVirSchedulerService
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-05 to 2014-12-05  )))))))))))))))))))))))))))))))
.
.
2014-12-05 03:43 . 2014-12-05 03:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-12-05 03:43 . 2014-12-05 03:43 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-12-05 03:43 . 2014-12-05 03:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-12-05 03:43 . 2014-12-05 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-04 09:08 . 2014-12-04 09:08 -------- d-----w- c:\programdata\VS Revo Group
2014-12-04 09:08 . 2009-12-30 19:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-12-04 05:15 . 2014-12-05 02:32 -------- d-----w- C:\FRST
2014-12-03 06:57 . 2014-12-03 06:57 -------- d-----w- c:\program files (x86)\ESET
2014-12-03 04:10 . 2014-11-17 10:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B6BABF6-EF1D-46B4-9E52-3415A74B40BB}\mpengine.dll
2014-12-03 04:10 . 2014-11-24 22:04 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-12-03 04:04 . 2014-12-03 04:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-03 04:04 . 2014-12-03 04:03 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-12-03 04:04 . 2014-12-03 04:03 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-03 04:04 . 2014-12-03 04:03 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-03 04:03 . 2014-12-03 04:03 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-03 04:03 . 2014-12-03 04:04 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-03 04:03 . 2014-12-03 04:03 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-03 04:03 . 2014-12-03 04:03 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-03 04:03 . 2014-12-03 04:03 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-03 04:03 . 2014-12-03 04:03 43152 ----a-w- c:\windows\avastSS.scr
2014-12-03 02:56 . 2014-12-03 02:56 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\AVG2015
2014-12-03 02:48 . 2014-12-03 18:01 -------- d-----w- c:\programdata\AVG2015
2014-12-03 02:44 . 2014-12-03 03:03 -------- d-----w- c:\users\Margaret JOH\AppData\Local\Avg2015
2014-12-03 02:27 . 2014-12-03 02:27 -------- d-----w- c:\windows\ERUNT
2014-12-03 01:18 . 2014-12-03 01:18 -------- d-----w- c:\users\Margaret JOH\AppData\Local\Aimersoft
2014-12-03 00:33 . 2014-12-03 00:33 -------- d-----w- c:\users\Margaret JOH\AppData\Local\VS Revo Group
2014-12-03 00:33 . 2014-12-03 00:33 -------- d-----w- c:\program files\VS Revo Group
2014-12-02 02:22 . 2014-12-03 00:50 -------- d-----w- c:\programdata\Kaspersky Lab
2014-12-02 02:22 . 2014-12-02 02:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-12-02 00:02 . 2014-12-02 00:02 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\AVAST Software
2014-12-01 23:58 . 2014-12-01 23:58 -------- d-----w- c:\program files\AVAST Software
2014-12-01 23:57 . 2014-12-01 23:58 -------- d-----w- c:\programdata\AVAST Software
2014-12-01 20:26 . 2014-12-01 20:26 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\LavasoftStatistics
2014-12-01 14:06 . 2014-12-03 01:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-12-01 12:37 . 2014-11-14 02:42 331376 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2014-12-01 12:37 . 2014-11-14 02:42 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2014-12-01 12:16 . 2014-12-01 12:34 -------- d-----w- c:\programdata\HitmanPro
2014-12-01 11:04 . 2014-12-05 00:19 -------- d-----w- C:\AdwCleaner
2014-12-01 02:06 . 2014-12-01 02:06 -------- d-----w- c:\program files\CCleaner
2014-11-29 01:03 . 2014-11-29 01:03 -------- d-----w- C:\aws
2014-11-29 01:03 . 2014-11-29 01:03 -------- d-----w- C:\Asus WebStorage
2014-11-28 19:38 . 2014-12-05 02:28 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\WebStorage
2014-11-28 19:38 . 2014-11-28 19:38 -------- d-----w- C:\WebStorage
2014-11-28 19:37 . 2014-11-28 19:37 -------- d-----w- c:\programdata\WebStorage
2014-11-28 19:37 . 2014-11-28 19:37 -------- d-----w- c:\programdata\ASUS WebStorage
2014-11-28 19:37 . 2014-11-28 19:37 -------- d-----w- c:\program files (x86)\Common Files\AWS
2014-11-25 10:15 . 2014-11-25 10:15 0 ----a-w- c:\windows\SysWow64\shoF4B7.tmp
2014-11-24 08:00 . 2014-11-24 08:23 -------- d-----w- c:\users\Margaret JOH\AppData\Local\Origin
2014-11-24 07:40 . 2014-11-24 08:22 -------- d-----w- c:\program files (x86)\Origin
2014-11-24 07:02 . 2008-07-10 19:01 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-11-23 08:54 . 2014-11-23 08:54 -------- d--h--w- c:\users\Margaret JOH\AppData\Roaming\GoldenGate
2014-11-23 08:52 . 2014-11-23 08:52 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\GameOff
2014-11-23 08:51 . 2014-11-23 08:51 -------- d-----w- c:\programdata\cPfTJEb
2014-11-23 08:50 . 2014-11-23 08:50 45 ----a-w- C:\user.js
2014-11-23 08:50 . 2014-11-25 10:15 -------- d-----w- c:\program files\010
2014-11-23 08:50 . 2014-11-23 08:58 -------- d-----w- c:\program files\9E72B442-9400-4E1B-BF02-37F42BF96F36
2014-11-23 08:49 . 2014-11-23 08:49 -------- d-----w- c:\users\Margaret JOH\Sims 4
2014-11-23 01:48 . 2014-12-03 01:11 -------- d-----w- c:\programdata\Package Cache
2014-11-16 07:02 . 2012-10-04 00:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-11-16 07:01 . 2014-12-03 01:11 -------- d-----w- c:\program files\iPod
2014-11-16 07:01 . 2014-11-16 07:01 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-16 07:01 . 2014-11-16 07:01 -------- d-----w- c:\program files\iTunes
2014-11-16 07:01 . 2014-11-16 07:01 -------- d-----w- c:\program files (x86)\iTunes
2014-11-16 04:43 . 2014-11-16 04:43 -------- d-----w- c:\program files (x86)\Common Files\Aimersoft
2014-11-16 04:43 . 2013-08-23 21:36 721263 ----a-w- c:\windows\SysWow64\AiCM64.dll
2014-11-16 04:43 . 2013-03-25 18:46 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio.sys
2014-11-16 04:43 . 2014-12-03 01:12 -------- d-----w- c:\program files (x86)\Aimersoft
2014-11-16 04:43 . 2014-12-01 01:56 -------- d-----w- c:\programdata\Aimersoft
2014-11-10 05:26 . 2014-12-01 01:56 -------- d-----w- c:\program files (x86)\DriverToolkit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-05 03:47 . 2014-12-05 03:47 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B6BABF6-EF1D-46B4-9E52-3415A74B40BB}\offreg.dll
2014-12-05 03:45 . 2011-03-13 00:11 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-12-04 22:53 . 2014-09-17 04:18 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-03 06:49 . 2014-05-17 02:11 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-26 15:59 . 2012-03-31 06:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-26 15:59 . 2011-05-16 07:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-01 19:11 . 2014-05-17 02:10 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 19:11 . 2014-05-17 02:10 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 19:11 . 2013-04-27 01:20 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MouseServer"="c:\program files (x86)\MouseServer\MouseServer.exe" [2014-10-15 242688]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-09 2429]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2014-08-05 2014720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"WebStorage"="c:\program files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe" [2014-11-07 5244712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-03 5226600]
.
c:\users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-3-12 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys;c:\users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys [x]
R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 06:32 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:59]
.
2014-02-27 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31 18:38]
.
2014-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
- c:\users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11 00:23]
.
2014-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
- c:\users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11 00:23]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 23:18]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 23:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7191}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}]
2014-09-03 06:41 1487872 ----a-w- c:\program files (x86)\Common Files\AWS\2.1.15.438\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D809}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D809}]
2014-09-03 06:41 1487872 ----a-w- c:\program files (x86)\Common Files\AWS\2.1.15.438\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E}]
2014-09-03 06:41 1487872 ----a-w- c:\program files (x86)\Common Files\AWS\2.1.15.438\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-03 04:03 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-23 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-23 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-23 418800]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\SecuROM\License information*]
"datasecu"=hex:18,b7,57,15,a3,8e,b7,67,d7,9d,1b,02,ae,48,16,af,5f,5a,a6,79,b3,
   6a,58,fd,97,23,41,73,7c,81,5c,44,b8,81,cf,49,fd,29,42,55,2f,b0,ad,3a,7a,ac,\
"rkeysecu"=hex:33,06,65,b6,ad,79,b2,1e,c1,92,9f,e8,ec,b1,a1,07
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\Tablet.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-12-04  19:51:32 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-05 03:51
ComboFix2.txt  2014-12-03 03:40
.
Pre-Run: 1,399,418,880 bytes free
Post-Run: 1,180,884,992 bytes free
.
- - End Of File - - 45AA4B5B418AFCABA3636B249EFA4611

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Hello spidergirl79,

 

One Avira one is still there; let's see if this makes a difference.

 

Now

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:
 

KillAll::

Driver::
AntiVirSchedulerService
Avira AntiVir Scheduler


File::
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.


#21
spidergirl79

    Member

  • Topic Starter
  • 22 posts

If I get errors again about (backing up) restoring files, should I say yes or no?


Edited by spidergirl79, 04 December 2014 - 10:13 PM.

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

May not be a big deal but let's see if it will do it this time.

 

Say yes. :)


#23
spidergirl79

    Member

  • Topic Starter
  • 22 posts

Here is the latest logfile. Still got the backing up error thing. Did I mess up my laptop from when I ran ComboFix before coming for help here?

 

 

ComboFix 14-12-04.01 - Margaret JOH 04/12/2014  20:19:41.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3884.2089 [GMT -8:00]
Running from: c:\users\Margaret JOH\Downloads\ComboFix.exe
Command switches used :: c:\users\Margaret JOH\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Avira\AntiVir Desktop\sched.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AntiVirSchedulerService
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-05 to 2014-12-05  )))))))))))))))))))))))))))))))
.
.
2014-12-05 04:26 . 2014-12-05 04:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-12-05 04:26 . 2014-12-05 04:26 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-12-05 04:26 . 2014-12-05 04:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-12-05 04:26 . 2014-12-05 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-04 09:08 . 2014-12-04 09:08 -------- d-----w- c:\programdata\VS Revo Group
2014-12-04 09:08 . 2009-12-30 19:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-12-04 05:15 . 2014-12-05 02:32 -------- d-----w- C:\FRST
2014-12-03 06:57 . 2014-12-03 06:57 -------- d-----w- c:\program files (x86)\ESET
2014-12-03 04:10 . 2014-11-17 10:08 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B6BABF6-EF1D-46B4-9E52-3415A74B40BB}\mpengine.dll
2014-12-03 04:10 . 2014-11-24 22:04 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-12-03 04:04 . 2014-12-03 04:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-03 04:04 . 2014-12-03 04:03 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-12-03 04:04 . 2014-12-03 04:03 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-03 04:04 . 2014-12-03 04:03 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-03 04:03 . 2014-12-03 04:03 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-03 04:03 . 2014-12-03 04:04 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-03 04:03 . 2014-12-03 04:03 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-03 04:03 . 2014-12-03 04:03 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-03 04:03 . 2014-12-03 04:03 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-03 04:03 . 2014-12-03 04:03 43152 ----a-w- c:\windows\avastSS.scr
2014-12-03 02:56 . 2014-12-03 02:56 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\AVG2015
2014-12-03 02:48 . 2014-12-03 18:01 -------- d-----w- c:\programdata\AVG2015
2014-12-03 02:44 . 2014-12-03 03:03 -------- d-----w- c:\users\Margaret JOH\AppData\Local\Avg2015
2014-12-03 02:27 . 2014-12-03 02:27 -------- d-----w- c:\windows\ERUNT
2014-12-03 01:18 . 2014-12-03 01:18 -------- d-----w- c:\users\Margaret JOH\AppData\Local\Aimersoft
2014-12-03 00:33 . 2014-12-03 00:33 -------- d-----w- c:\users\Margaret JOH\AppData\Local\VS Revo Group
2014-12-03 00:33 . 2014-12-03 00:33 -------- d-----w- c:\program files\VS Revo Group
2014-12-02 02:22 . 2014-12-03 00:50 -------- d-----w- c:\programdata\Kaspersky Lab
2014-12-02 02:22 . 2014-12-02 02:22 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-12-02 00:02 . 2014-12-02 00:02 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\AVAST Software
2014-12-01 23:58 . 2014-12-01 23:58 -------- d-----w- c:\program files\AVAST Software
2014-12-01 23:57 . 2014-12-01 23:58 -------- d-----w- c:\programdata\AVAST Software
2014-12-01 20:26 . 2014-12-01 20:26 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\LavasoftStatistics
2014-12-01 14:06 . 2014-12-03 01:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-12-01 12:37 . 2014-11-14 02:42 331376 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2014-12-01 12:37 . 2014-11-14 02:42 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2014-12-01 12:16 . 2014-12-01 12:34 -------- d-----w- c:\programdata\HitmanPro
2014-12-01 11:04 . 2014-12-05 00:19 -------- d-----w- C:\AdwCleaner
2014-12-01 02:06 . 2014-12-01 02:06 -------- d-----w- c:\program files\CCleaner
2014-11-29 01:03 . 2014-11-29 01:03 -------- d-----w- C:\aws
2014-11-29 01:03 . 2014-11-29 01:03 -------- d-----w- C:\Asus WebStorage
2014-11-28 19:38 . 2014-12-05 02:28 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\WebStorage
2014-11-28 19:38 . 2014-11-28 19:38 -------- d-----w- C:\WebStorage
2014-11-28 19:37 . 2014-11-28 19:37 -------- d-----w- c:\programdata\WebStorage
2014-11-28 19:37 . 2014-11-28 19:37 -------- d-----w- c:\programdata\ASUS WebStorage
2014-11-28 19:37 . 2014-11-28 19:37 -------- d-----w- c:\program files (x86)\Common Files\AWS
2014-11-25 10:15 . 2014-11-25 10:15 0 ----a-w- c:\windows\SysWow64\shoF4B7.tmp
2014-11-24 08:00 . 2014-11-24 08:23 -------- d-----w- c:\users\Margaret JOH\AppData\Local\Origin
2014-11-24 07:40 . 2014-11-24 08:22 -------- d-----w- c:\program files (x86)\Origin
2014-11-24 07:02 . 2008-07-10 19:01 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2014-11-23 08:54 . 2014-11-23 08:54 -------- d--h--w- c:\users\Margaret JOH\AppData\Roaming\GoldenGate
2014-11-23 08:52 . 2014-11-23 08:52 -------- d-----w- c:\users\Margaret JOH\AppData\Roaming\GameOff
2014-11-23 08:51 . 2014-11-23 08:51 -------- d-----w- c:\programdata\cPfTJEb
2014-11-23 08:50 . 2014-11-23 08:50 45 ----a-w- C:\user.js
2014-11-23 08:50 . 2014-11-25 10:15 -------- d-----w- c:\program files\010
2014-11-23 08:50 . 2014-11-23 08:58 -------- d-----w- c:\program files\9E72B442-9400-4E1B-BF02-37F42BF96F36
2014-11-23 08:49 . 2014-11-23 08:49 -------- d-----w- c:\users\Margaret JOH\Sims 4
2014-11-23 01:48 . 2014-12-03 01:11 -------- d-----w- c:\programdata\Package Cache
2014-11-16 07:02 . 2012-10-04 00:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-11-16 07:01 . 2014-12-03 01:11 -------- d-----w- c:\program files\iPod
2014-11-16 07:01 . 2014-11-16 07:01 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-16 07:01 . 2014-11-16 07:01 -------- d-----w- c:\program files\iTunes
2014-11-16 07:01 . 2014-11-16 07:01 -------- d-----w- c:\program files (x86)\iTunes
2014-11-16 04:43 . 2014-11-16 04:43 -------- d-----w- c:\program files (x86)\Common Files\Aimersoft
2014-11-16 04:43 . 2013-08-23 21:36 721263 ----a-w- c:\windows\SysWow64\AiCM64.dll
2014-11-16 04:43 . 2013-03-25 18:46 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio.sys
2014-11-16 04:43 . 2014-12-03 01:12 -------- d-----w- c:\program files (x86)\Aimersoft
2014-11-16 04:43 . 2014-12-01 01:56 -------- d-----w- c:\programdata\Aimersoft
2014-11-10 05:26 . 2014-12-01 01:56 -------- d-----w- c:\program files (x86)\DriverToolkit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-05 04:28 . 2011-03-13 00:11 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-12-04 22:53 . 2014-09-17 04:18 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-12-03 06:49 . 2014-05-17 02:11 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-26 15:59 . 2012-03-31 06:41 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-26 15:59 . 2011-05-16 07:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-01 19:11 . 2014-05-17 02:10 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 19:11 . 2014-05-17 02:10 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 19:11 . 2013-04-27 01:20 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MouseServer"="c:\program files (x86)\MouseServer\MouseServer.exe" [2014-10-15 242688]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-09 2429]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-05-28 455512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2014-08-05 2014720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"WebStorage"="c:\program files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe" [2014-11-07 5244712]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-03 5226600]
.
c:\users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-2 1080608]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-3-12 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys;c:\users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys [x]
R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe;c:\expressgateutil\VAWinService.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 06:32 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:59]
.
2014-02-27 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31 18:38]
.
2014-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
- c:\users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11 00:23]
.
2014-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
- c:\users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11 00:23]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 23:18]
.
2014-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 23:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7191}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7191}]
2014-09-03 06:41 1487872 ----a-w- c:\program files (x86)\Common Files\AWS\2.1.15.438\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D809}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D809}]
2014-09-03 06:41 1487872 ----a-w- c:\program files (x86)\Common Files\AWS\2.1.15.438\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E}]
2014-09-03 06:41 1487872 ----a-w- c:\program files (x86)\Common Files\AWS\2.1.15.438\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-03 04:03 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-23 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-23 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-23 418800]
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A315E30-D5C3-4476-8B15-8C9DC3EEAD41}: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0D93EBBC-D547-481C-8759-6A24FF56A7C4}: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\SecuROM\License information*]
"datasecu"=hex:45,bc,89,4a,3b,c8,f1,2c,6b,81,67,e4,fc,f8,40,60,dc,01,34,45,65,
   11,c8,fb,d5,5a,71,5c,9c,e2,fc,b5,34,2c,cc,08,de,39,e0,73,96,86,59,08,74,61,\
"rkeysecu"=hex:ff,32,02,07,86,90,52,20,67,ad,fc,5f,36,db,da,c3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\Tablet.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Completion time: 2014-12-04  20:33:18 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-05 04:33
ComboFix2.txt  2014-12-05 03:51
ComboFix3.txt  2014-12-03 03:40
.
Pre-Run: 1,266,978,816 bytes free
Post-Run: 1,465,614,336 bytes free
.
- - End Of File - - ADA6811E456E560D6695E5CFDF1F1F55

#24
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Did I mess up my laptop from when I ran ComboFix before coming for help here?


I don't think so. Maybe something corrupt or some conflict going on. Not the end of the world. :)

Now

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

#25
spidergirl79

    Member

  • Topic Starter
  • 22 posts

I thought that you were staying up late in your time zone; I realised after checking the world clock on my tablet that it is about 5pm Friday where you are, whereas I am still at 8 pm Thursday! Thank you for your hard work!

 

Here are the scans:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Margaret JOH (administrator) on MARGARETJOH-PC on 04-12-2014 20:42:45
Running from C:\Users\Margaret JOH\Downloads\Desktop
Loaded Profile: Margaret JOH (Available profiles: UpdatusUser & Margaret JOH & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Windows\SysWOW64\Tablet.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-11-08] ()
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.438\AsusWSPanel.exe [5244712 2014-11-06] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [MouseServer] => C:\Program Files (x86)\MouseServer\MouseServer.exe [242688 2014-10-14] (wifimouse.necta.us)
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.438\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1869828728-3093472841-3018778326-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab
DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: linkscanner - No CLSID Value
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: WSAMVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Margaret JOH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1869828728-3093472841-3018778326-1001: facebook.com/fbDesktopPlugin -> C:\Users\Margaret JOH\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-07-01]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-19]
CHR Extension: (Avast Online Security) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-02]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Margaret JOH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-05] () [File not signed]
R2 TabletService; C:\Windows\SysWOW64\Tablet.exe [548864 2002-03-19] (Wacom Technology, Corp.) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] () [File not signed]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-03] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-03] (Avira GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-24] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S0 PenClass; C:\Windows\SysWOW64\Drivers\PenClass.sys [8138 2001-04-09] (Wacom Technology Corporation) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-19] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\MARGAR~1\AppData\Local\Temp\Rar$EX44.264\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 20:33 - 2014-12-04 20:33 - 00024463 _____ () C:\ComboFix.txt
2014-12-04 19:29 - 2014-12-04 19:30 - 05600479 ____R (Swearware) C:\Users\Margaret JOH\Downloads\ComboFix.exe
2014-12-04 15:54 - 2014-12-04 16:17 - 00000165 _____ () C:\AdwCleanerDebug.txt
2014-12-04 01:17 - 2014-12-04 01:17 - 00367104 _____ (Avira GmbH) C:\Users\Margaret JOH\Downloads\removaltool-win32-en.exe
2014-12-04 01:08 - 2014-12-04 01:08 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-04 01:08 - 2014-12-04 01:08 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-04 01:08 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-12-04 01:07 - 2014-12-04 01:08 - 10691640 _____ (VS Revo Group ) C:\Users\Margaret JOH\Downloads\RevoUninProSetup.exe
2014-12-03 21:15 - 2014-12-04 20:42 - 00000000 ____D () C:\FRST
2014-12-02 22:57 - 2014-12-02 22:57 - 02347384 _____ (ESET) C:\Users\Margaret JOH\Downloads\esetsmartinstaller_enu.exe
2014-12-02 22:57 - 2014-12-02 22:57 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 20:28 - 2014-12-02 20:28 - 00063266 _____ () C:\Users\Margaret JOH\Downloads\Extras.Txt
2014-12-02 20:27 - 2014-12-02 20:27 - 00123450 _____ () C:\Users\Margaret JOH\Downloads\OTL.Txt
2014-12-02 20:18 - 2014-12-02 20:18 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL (1).exe
2014-12-02 20:10 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-02 20:05 - 2014-12-02 20:05 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret JOH\Downloads\OTL.exe
2014-12-02 20:04 - 2014-12-04 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-02 20:04 - 2014-12-02 20:04 - 00001966 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-02 20:04 - 2014-12-02 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-02 20:04 - 2014-12-02 20:03 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-02 20:04 - 2014-12-02 20:03 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-02 20:03 - 2014-12-02 20:04 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-02 20:03 - 2014-12-02 20:03 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-02 20:03 - 2014-12-02 20:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-02 20:03 - 2014-12-02 20:03 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-02 19:59 - 2014-12-02 20:00 - 05006864 _____ (AVAST Software) C:\Users\Margaret JOH\Downloads\avast_free_antivirus_setup_online.exe
2014-12-02 19:29 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-02 19:29 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-02 19:29 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-02 19:29 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-02 19:28 - 2014-12-04 20:33 - 00000000 ____D () C:\Qoobox
2014-12-02 19:27 - 2014-12-04 20:26 - 00000000 ____D () C:\Windows\erdnt
2014-12-02 19:25 - 2014-12-02 19:25 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill.exe
2014-12-02 19:25 - 2014-12-02 19:25 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Margaret JOH\Downloads\rkill64.exe
2014-12-02 18:56 - 2014-12-02 18:56 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVG2015
2014-12-02 18:48 - 2014-12-03 10:01 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-02 18:44 - 2014-12-02 19:03 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Avg2015
2014-12-02 18:27 - 2014-12-02 18:27 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 18:26 - 2014-12-02 18:27 - 01707646 _____ (Thisisu) C:\Users\Margaret JOH\Downloads\JRT.exe
2014-12-02 17:45 - 2014-12-04 20:27 - 00011622 _____ () C:\Windows\PFRO.log
2014-12-02 17:18 - 2014-12-02 17:18 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Aimersoft
2014-12-02 17:14 - 2014-12-04 20:28 - 00000616 _____ () C:\Windows\setupact.log
2014-12-02 17:14 - 2014-12-02 17:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-02 16:33 - 2014-12-04 01:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VS Revo Group
2014-12-02 16:33 - 2014-12-02 16:33 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-01 18:22 - 2014-12-02 16:50 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-01 18:22 - 2014-12-01 18:22 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-01 16:02 - 2014-12-01 16:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\AVAST Software
2014-12-01 15:58 - 2014-12-01 15:58 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-01 15:57 - 2014-12-01 15:58 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-01 13:19 - 2014-12-01 13:20 - 00014021 _____ () C:\Users\Margaret JOH\Downloads\hijackthis.log
2014-12-01 12:26 - 2014-12-01 12:26 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\LavasoftStatistics
2014-12-01 06:06 - 2014-12-02 17:12 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-01 04:16 - 2014-12-01 04:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-01 03:04 - 2014-12-04 16:19 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:16 - 2014-11-30 18:16 - 00099564 _____ () C:\Users\Margaret JOH\Documents\cc_20141130_181617.reg
2014-11-30 18:06 - 2014-11-30 18:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-30 18:06 - 2014-11-30 18:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500.exe
2014-11-30 18:05 - 2014-11-30 18:05 - 05162080 _____ (Piriform Ltd) C:\Users\Margaret JOH\Downloads\ccsetup500 (1).exe
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 ____D () C:\aws
2014-11-28 17:03 - 2014-11-28 17:03 - 00000000 ____D () C:\Asus WebStorage
2014-11-28 11:38 - 2014-12-04 18:28 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\WebStorage
2014-11-28 11:38 - 2014-11-28 11:38 - 00000000 ____D () C:\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00001248 _____ () C:\Users\Public\Desktop\WebStorage.lnk
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\WebStorage
2014-11-28 11:37 - 2014-11-28 11:37 - 00000000 ____D () C:\ProgramData\ASUS WebStorage
2014-11-28 11:36 - 2014-11-28 11:36 - 12756088 _____ (ASUS Cloud Corporation) C:\Users\Margaret JOH\Downloads\ASUSWebStorageSyncAgent2.1.15.438.exe
2014-11-28 11:32 - 2014-11-28 11:33 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\temp
2014-11-25 21:15 - 2014-11-25 21:15 - 00377743 _____ () C:\Users\Margaret JOH\Downloads\MTS_SnowWhiteCharming_1019799_AudreyHepburn.zip
2014-11-25 02:15 - 2014-11-25 02:15 - 00000000 _____ () C:\Windows\SysWOW64\shoF4B7.tmp
2014-11-24 00:00 - 2014-11-24 00:23 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Origin
2014-11-23 23:40 - 2014-11-24 00:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-23 23:40 - 2014-11-23 23:40 - 00000945 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-11-23 23:40 - 2014-11-23 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-23 23:03 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-23 23:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-11-23 23:03 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-11-23 23:03 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-11-23 23:03 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-11-23 23:03 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-11-23 23:03 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-11-23 23:03 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-11-23 23:02 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-11-23 23:02 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-11-23 23:02 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-11-23 23:02 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-11-23 23:02 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-11-23 23:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-11-23 23:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-11-23 23:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-11-23 23:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-11-23 23:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-11-23 23:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-11-23 23:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-11-23 23:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-11-23 23:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-11-23 23:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-11-23 23:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-11-23 23:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-11-23 23:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-11-23 23:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-11-23 23:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-11-23 23:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-11-23 23:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-11-23 23:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-11-23 23:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-11-23 23:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-11-23 23:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-11-23 23:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-11-23 23:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-11-23 23:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-11-23 23:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-11-23 23:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-11-23 23:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-11-23 23:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-11-23 23:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-11-23 22:46 - 2014-11-23 23:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-23 01:23 - 2014-11-23 01:23 - 00003140 _____ () C:\Windows\System32\Tasks\{7FDCD1BE-69AF-4100-9284-739FDC989639}
2014-11-23 00:54 - 2014-11-23 00:54 - 00000000 ___HD () C:\Users\Margaret JOH\AppData\Roaming\GoldenGate
2014-11-23 00:53 - 2014-11-23 00:53 - 00001816 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-11-23 00:53 - 2014-11-23 00:53 - 00000178 _____ () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-11-23 00:52 - 2014-11-23 00:52 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\GameOff
2014-11-23 00:51 - 2014-11-23 00:51 - 00000000 ____D () C:\ProgramData\cPfTJEb
2014-11-23 00:50 - 2014-11-25 02:15 - 00000000 ____D () C:\Program Files\010
2014-11-23 00:50 - 2014-11-23 00:58 - 00000000 ____D () C:\Program Files\9E72B442-9400-4E1B-BF02-37F42BF96F36
2014-11-23 00:50 - 2014-11-23 00:50 - 00000045 _____ () C:\user.js
2014-11-23 00:49 - 2014-11-23 00:49 - 00000000 ____D () C:\Users\Margaret JOH\Sims 4
2014-11-23 00:35 - 2014-11-23 00:35 - 00003486 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2014-11-23 00:35 - 2014-11-23 00:35 - 00003220 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2014-11-22 17:48 - 2014-12-02 17:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-15 23:02 - 2014-11-15 23:02 - 00001745 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-15 23:02 - 2014-11-15 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-15 23:02 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-11-15 23:01 - 2014-12-02 17:11 - 00000000 ____D () C:\Program Files\iPod
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files\iTunes
2014-11-15 23:01 - 2014-11-15 23:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-15 20:43 - 2014-12-02 17:12 - 00000000 ____D () C:\Program Files (x86)\Aimersoft
2014-11-15 20:43 - 2014-11-30 17:56 - 00000000 ____D () C:\ProgramData\Aimersoft
2014-11-15 20:43 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2014-11-15 20:43 - 2013-03-25 10:46 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2014-11-15 20:42 - 2014-12-02 17:13 - 00000000 ____D () C:\Users\Public\Documents\Aimersoft
2014-11-09 21:50 - 2014-11-09 21:50 - 00011942 _____ () C:\Users\Margaret JOH\Documents\cc_20141109_215028.reg
2014-11-09 21:29 - 2014-11-09 21:29 - 00079200 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_amd64_neutral_8363d00ecae4322d.zip
2014-11-09 21:29 - 2014-11-09 21:29 - 00062845 _____ () C:\Users\Margaret JOH\Downloads\cdrom.inf_x86_neutral_db87d184bc84f910.zip
2014-11-09 21:26 - 2014-11-30 17:56 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 20:36 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:36 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:33 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-04 20:32 - 2010-11-08 19:56 - 01815459 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 20:30 - 2011-05-02 18:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 20:28 - 2012-01-24 22:02 - 00000318 _____ () C:\Windows\SysWOW64\wacom.dat
2014-12-04 20:28 - 2011-05-02 18:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 20:28 - 2011-03-12 16:11 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-12-04 20:28 - 2010-11-08 20:49 - 00000000 ____D () C:\Program Files\P4G
2014-12-04 20:28 - 2010-11-08 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-04 20:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 20:28 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-04 19:59 - 2012-08-05 22:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 19:28 - 2012-12-11 13:41 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job
2014-12-04 18:27 - 2010-11-08 20:49 - 00002888 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-12-04 16:28 - 2012-12-11 13:41 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job
2014-12-04 15:46 - 2011-03-12 17:27 - 00000008 __RSH () C:\Users\Margaret JOH\ntuser.pol
2014-12-04 15:46 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH
2014-12-04 15:44 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-03 21:12 - 2010-11-08 20:49 - 00001582 _____ () C:\Windows\system32\ServiceFilter.ini
2014-12-03 10:01 - 2012-02-25 00:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-02 22:49 - 2014-05-16 18:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 19:54 - 2012-05-14 17:11 - 00000000 ____D () C:\$AVG
2014-12-02 19:49 - 2011-03-31 14:08 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\uTorrent
2014-12-02 19:40 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default
2014-12-02 17:31 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 17:13 - 2014-08-06 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-02 17:13 - 2014-05-19 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-02 17:13 - 2014-05-19 13:48 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\ProductData
2014-12-02 17:13 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP
2014-12-02 17:13 - 2013-03-08 19:31 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2014-12-02 17:13 - 2013-02-14 11:33 - 00000000 ____D () C:\ProgramData\Big Fish Games
2014-12-02 17:13 - 2012-08-22 12:17 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-02 17:13 - 2012-04-10 12:02 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Facebook
2014-12-02 17:13 - 2011-03-19 18:59 - 00000000 ____D () C:\Users\Guest
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-02 17:13 - 2011-03-14 21:20 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-02 17:13 - 2010-11-08 20:51 - 00000000 ____D () C:\ExpressGateUtil
2014-12-02 17:13 - 2010-11-08 20:49 - 00000000 ____D () C:\ProgramData\P4G
2014-12-02 17:13 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\ShellNew
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2014-12-02 17:12 - 2013-04-21 13:59 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2014-12-02 17:12 - 2013-02-14 11:33 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2014-12-02 17:12 - 2011-03-12 16:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\VirtualStore
2014-12-02 17:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-12-02 17:11 - 2014-05-19 13:46 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-02 17:11 - 2013-03-13 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-02 17:11 - 2012-09-23 21:32 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-12-02 17:11 - 2012-07-01 22:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-02 17:11 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Mozilla
2014-12-02 17:11 - 2011-03-12 16:12 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-02 17:11 - 2010-11-08 20:48 - 00000000 ____D () C:\Program Files\Intel
2014-12-02 17:11 - 2010-11-08 20:47 - 00000000 ____D () C:\Program Files\WIDCOMM
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-02 17:11 - 2010-11-08 20:35 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-02 17:11 - 2010-11-08 20:28 - 00000000 ____D () C:\Program Files (x86)\syncables
2014-12-02 17:11 - 2010-11-08 20:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-02 17:11 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-02 17:10 - 2014-08-12 12:59 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-02 17:10 - 2010-11-08 20:25 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-12-02 17:10 - 2010-11-08 20:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-02 17:10 - 2010-11-08 20:05 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-12-02 16:22 - 2013-02-14 11:33 - 00000000 ____D () C:\BigFishGamesCache
2014-12-01 20:52 - 2014-09-01 00:18 - 00000935 _____ () C:\Users\Margaret JOH\AppData\Roaming\COFA
2014-12-01 04:38 - 2011-03-12 20:11 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Local\Mozilla
2014-12-01 02:21 - 2013-11-07 14:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-28 11:37 - 2010-11-08 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-11-28 11:33 - 2011-03-12 16:17 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Asus WebStorage
2014-11-28 10:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-26 07:59 - 2012-08-05 22:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 07:59 - 2012-03-30 22:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 07:59 - 2011-05-15 23:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 03:38 - 2009-07-13 21:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 22:36 - 2014-05-19 15:26 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 02:21 - 2011-03-12 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-25 02:20 - 2011-03-12 20:58 - 00000000 ____D () C:\ProgramData\Avira
2014-11-24 22:14 - 2009-07-28 21:20 - 00000000 ____D () C:\Windows\ABLKSR
2014-11-24 20:27 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Origin
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-11-24 00:32 - 2011-03-14 01:41 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-11-24 00:32 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-24 00:23 - 2011-10-25 00:42 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\Origin
2014-11-23 01:58 - 2011-03-12 16:38 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-11-22 22:53 - 2014-05-19 13:47 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-22 17:49 - 2014-04-22 03:23 - 00000000 ____D () C:\Users\Margaret JOH\Documents\Electronic Arts
2014-11-15 23:01 - 2011-03-12 21:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-15 20:01 - 2007-11-19 23:41 - 00000000 ____D () C:\Users\Margaret JOH\Shared
2014-11-12 13:25 - 2011-05-02 18:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 13:25 - 2011-05-02 18:20 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-09 22:01 - 2014-08-28 02:08 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 22:01 - 2014-05-16 18:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 21:49 - 2011-06-07 02:21 - 00000000 ____D () C:\Windows\Minidump
2014-11-09 19:27 - 2014-08-12 13:00 - 00000000 ____D () C:\Users\Margaret JOH\AppData\Roaming\DivX
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 03:16
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Margaret JOH at 2014-12-04 20:43:26
Running from C:\Users\Margaret JOH\Downloads\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.40 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4015 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4015 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS_N3_Series (HKLM-x32\...\ASUS_N3_Series) (Version: 1.0.0002 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0006 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink MediaShow Espresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.0.1606_25588 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2609a - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3009.50 - CyberLink Corp.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
ExpressGate Cloud (HKLM-x32\...\InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}) (Version: 2.1.76.380 - Asus)
ExpressGate Cloud (x32 Version: 2.1.76.380 - Asus) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.6 - ASUS)
Fresco Logic USB3.0 Host Controller (HKLM\...\{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}) (Version: 3.0.105.11 - Fresco Logic Inc.)
Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{4BC310C4-B898-46E2-B5FB-B85A30AA7142}) (Version: 2.0.2.187 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MouseServer version 1.5.1.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.1.0 - Necta Co.)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5942 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5942 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version:  - )
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6210 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
SuperFast PC (HKLM\...\SuperFast PC) (Version: 1.0 - 383 Media, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
TSR RigFix (HKLM-x32\...\{1F2A56A0-AF80-4423-8C73-ADBFAB40E629}) (Version: 1.0.10 - The Sims Resource)
Unity Web Player (HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.54000.206 - Sonix)
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\Vacation Quest - The Hawaiian Islands) (Version:  - PopCap Games)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Watchtower Library 2010 - English (HKLM-x32\...\{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}) (Version: 12.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2011 - English (HKLM-x32\...\{EED1EFD7-2703-4f7e-9820-EAA3C4723EA3}) (Version: 13.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Watchtower Library 2012 - English (HKLM-x32\...\{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}) (Version: 14.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.438 - ASUS Cloud Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.500 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1869828728-3093472841-3018778326-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403) (HKLM\...\F9FD5BBF579A4BFD40D38BE291F731666B27DC28) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (06/11/2009 6.2.0.9500) (HKLM\...\0E74EB10C05C955C24243E6D3120CDC972FC5B1D) (Version: 06/11/2009 6.2.0.9500 - Broadcom)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-12-2014 00:12:06 Windows Update
03-12-2014 00:35:16 Revo Uninstaller Pro's restore point - Spy
03-12-2014 00:40:42 Revo Uninstaller Pro's restore point - Spyhunter
03-12-2014 00:43:38 Revo Uninstaller Pro's restore point - SpyHunter
03-12-2014 00:46:31 Revo Uninstaller Pro's restore point - SpyHunter 4
03-12-2014 01:07:20 Restore Operation
03-12-2014 02:46:29 Installed AVG 2015
03-12-2014 02:47:11 Installed AVG 2015
03-12-2014 03:53:07 Removed AVG 2015
03-12-2014 03:54:22 Removed AVG 2015
03-12-2014 04:00:40 avast! antivirus system restore point
03-12-2014 04:09:46 Windows Update
04-12-2014 09:09:52 Revo Uninstaller Pro's restore point - ShowPass Smartbar Engine
04-12-2014 09:13:41 Revo Uninstaller Pro's restore point - AVG 2015
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-12-04 20:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09A6BCB6-24C6-4EEE-998E-804D6E37B4C8} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: {0D5726FE-299F-47CD-B334-B0323E0D4E32} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)
Task: {17B0B561-4E3C-46BB-8E36-40DA44C6C4E1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1FC81E7B-1646-4E11-8E4D-B74996AC6E78} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1869828728-3093472841-3018778326-1001
Task: {2D45914A-901A-44E2-BFD2-375FD92D1897} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {4B8198BD-3921-4112-9C5E-42D4BA37BEA2} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {516D2820-2C3C-4067-BB03-0CA406156E95} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
Task: {5E2667BE-11C3-414E-99C8-2F19A3159682} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {65CC26FF-1C37-4A1A-B77E-8DC571545E1F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {740DE223-032E-4A53-8E96-E161ECBD13A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {75C90C3C-4881-4A3F-8F40-800D92C82082} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {802FBF7D-BB00-48BD-BDAA-666BC7E18B0C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {888B847B-5CB0-48D4-B5EB-1ECE7D38712C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {9208772E-865F-42C8-853E-D150C52EA0F8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AA7B37A4-9CF5-4854-B94F-F1513A52C5B9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {CD51FAF4-1331-4357-8610-BEBBEAEEEE31} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D2C46CFD-F937-43CC-9E74-4EA911C2D4DB} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D457EC3A-7D4E-45FE-AC8D-9B1845130D47} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {EF21E1CD-0721-405B-B898-60C54144BEB5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-08-11] (ASUS)
Task: {FA5AD4E3-AAF2-431F-B75C-1E01F8379D2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {FF86CD20-1558-403A-8738-D42FAFDC9E1E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-11] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001Core.job => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1869828728-3093472841-3018778326-1001UA.job => C:\Users\Margaret JOH\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-08-20 18:47 - 2010-08-20 18:47 - 00077312 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-04-02 18:21 - 2008-09-30 22:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-11-08 20:06 - 2010-04-05 22:29 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-04 21:38 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-12-04 13:59 - 2014-12-04 13:59 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120401\algo.dll
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-12 17:52 - 2010-08-12 17:52 - 00151552 _____ () C:\ExpressGateUtil\libexpat.dll
2010-08-12 17:52 - 2010-08-12 17:52 - 00057344 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-07-01 11:21 - 2010-07-01 11:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-11-25 22:35 - 2014-11-24 22:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 22:35 - 2014-11-24 22:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 22:35 - 2014-11-24 22:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 22:35 - 2014-11-24 22:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1869828728-3093472841-3018778326-500 - Administrator - Disabled)
Guest (S-1-5-21-1869828728-3093472841-3018778326-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1869828728-3093472841-3018778326-1003 - Limited - Enabled)
Margaret JOH (S-1-5-21-1869828728-3093472841-3018778326-1001 - Administrator - Enabled) => C:\Users\Margaret JOH
UpdatusUser (S-1-5-21-1869828728-3093472841-3018778326-1000 - Limited - Enabled) => C:\Users\TEMP
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/04/2014 08:30:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 
 
 DETAIL - Access is denied.
 
Error: (12/04/2014 07:47:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 
 
 DETAIL - Access is denied.
 
Error: (12/04/2014 07:27:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (12/04/2014 06:28:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. 
 
 DETAIL - Access is denied.
 
 
System errors:
=============
Error: (12/04/2014 08:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%31
 
Error: (12/04/2014 08:30:26 PM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%5
 
Error: (12/04/2014 08:28:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PenClass
 
Error: (12/04/2014 08:28:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Guard service failed to start due to the following error: 
%%2
 
Error: (12/04/2014 08:28:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avira AntiVir Scheduler service failed to start due to the following error: 
%%2
 
Error: (12/04/2014 08:26:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/04/2014 08:26:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/04/2014 08:23:06 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/04/2014 08:19:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/04/2014 08:19:25 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (12/04/2014 08:30:26 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Access is denied.
 
Error: (12/04/2014 07:47:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Access is denied.
 
Error: (12/04/2014 07:27:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Margaret JOH\Downloads\esetsmartinstaller_enu.exe
 
Error: (12/04/2014 06:28:19 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: MargaretJOH-PC)
Description: Access is denied.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-04 20:19:25.859
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 20:19:25.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 20:19:25.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 20:19:25.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 19:35:25.571
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 19:35:25.321
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 19:35:25.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-04 19:35:24.838
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 19:38:29.969
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 19:38:29.766
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 3884.48 MB
Available physical RAM: 1898.63 MB
Total Pagefile: 9708.66 MB
Available Pagefile: 7425.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:157.87 GB) NTFS
Drive e: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=327.8 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

  • 0



#26
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

I thought that you were staying up late in your time zone, I realised after checking the world clock on my tablet that it is about 5pm Friday where you are, whereas I am still at 8 pm Thursday! Thank you for your hard work!

 

Yes but I am going to have to go soon, my son, daughter in law and grandson have just arrived from Auckland. :)

 

Now

 

Please download Farbar Service Scanner and run.
 

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

 

After that

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find it.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

  • 0

#27
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Here is the first one first: 

 

Farbar Service Scanner Version: 21-07-2014
Ran by Margaret JOH (administrator) on 04-12-2014 at 20:51:51
Running from "C:\Users\Margaret JOH\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#28
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

That looks good, no problems.

 

Now for the online scan and after that see how your computer is and let me know.


  • 1
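
What the "no problems" reading of the FSS log above amounts to, as an added example that is not part of the original thread or of Farbar's own tooling: a small Python triage that flags any entry listed under a service or policy heading and any File Check line not marked "File is digitally signed". It assumes, from the layout of the posted log only, that clean sections are empty; the sample log and its two placeholder lines are constructed.

```python
import re

# Constructed sample in the layout of the FSS.txt posted above, shortened.
# The two lines containing "constructed" are placeholders, not real FSS output.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 21-07-2014
****************************************************************

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google.com is accessible.

Firewall Disabled Policy:
==================
<constructed placeholder for a policy entry>

Windows Update:
============

File Check:
========
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\example.dll => <constructed placeholder for any other result>
**** End of log ****
"""

def triage_fss(text):
    """Return (section, line) pairs that need a human look."""
    findings, section = [], None
    lines = [raw.strip() for raw in text.splitlines()]
    for i, line in enumerate(lines):
        underline = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", underline):
            section = line[:-1]            # heading: "Name:" underlined with '='
        elif section is None or not line or line[0] in "=*":
            continue                       # preamble, blank lines, rulers, end banner
        elif section == "Connection Status":
            if not (line.endswith("is accessible.") or line == "LAN connected."):
                findings.append((section, line))
        elif section == "File Check":
            if not line.endswith("=> File is digitally signed"):
                findings.append((section, line))
        else:                              # assumption: other sections are empty when clean
            findings.append((section, line))
    return findings

if __name__ == "__main__":
    print(triage_fss(SAMPLE_LOG))
```

An empty result corresponds to a log like the one posted in this thread: reachable connections, empty policy sections, and every checked file digitally signed.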

#29
spidergirl79

spidergirl79

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Here is what was found by the second one:

 

C:\Users\Margaret JOH\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe
C:\Users\Margaret JOH\AppDada\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SBQLCXZX\adobe_flash_setup.exe
C:\Users\Guest\AppData\LocalLow\Messenger_Plus_CA\tbMess.dll
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll.vir
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir


  • 0

#30
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

How is your machine now?


  • 0





