jmpav123

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014 Ran by Jon at 2014-10-22 14:01:38 Running from C:\Users\Jon\Desktop\fixlist Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation) Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3226 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.1.3226 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard) HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD) RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-10-2014 13:49:12 Scheduled Checkpoint 19-10-2014 20:35:45 zoek.exe restore point 21-10-2014 21:29:14 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {26016DE2-AE7B-467B-8589-9F91573164FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {4CC40BE2-049B-4DA8-8F80-A3272E0B1F80} - System32\Tasks\HPCeeScheduleForJon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {5B8A8CD9-23F6-4800-9697-0BC8E86BDD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: {69466D4C-8E4B-44BE-85CF-0AEB4D893D2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {6FA937CD-5F44-43A9-9DD6-A1B9CB931D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {B6966DC3-35A2-48FF-BD82-344E9BFEF1FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: {B9E0A38B-B64C-4945-B8AD-820D7F3688C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {DAEECF71-A5C6-4644-9804-918FC4BCBE34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software) Task: {E6B0F3EA-6FF4-445D-BA73-ECC1253E91E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {EE18292F-FA08-4C7D-B058-001660417CBC} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink) Task: {F99353EC-D9BA-4EB6-838B-E4E9018FA228} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-08-14 15:05 - 2014-08-14 15:05 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-22 05:49 - 2014-10-22 05:49 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102200\algo.dll 2011-05-11 18:17 - 2011-05-11 18:17 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll 2014-08-14 15:05 - 2014-08-14 15:05 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1942948493-3841869164-3304507751-500 - Administrator - Disabled) Guest (S-1-5-21-1942948493-3841869164-3304507751-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1942948493-3841869164-3304507751-1002 - Limited - Enabled) Jon (S-1-5-21-1942948493-3841869164-3304507751-1000 - Administrator - Enabled) => C:\Users\Jon ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2014 01:59:25 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Click-2-Run package registration failure. Error: (10/22/2014 01:59:25 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=D9C} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). Error: (10/22/2014 06:01:04 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Click-2-Run package registration failure. Error: (10/22/2014 06:01:04 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=C4C} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). Error: (10/22/2014 05:50:11 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Click-2-Run package registration failure. Error: (10/22/2014 05:50:11 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=E74} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). Error: (10/21/2014 04:25:27 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Click-2-Run package registration failure. Error: (10/21/2014 04:25:27 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=CF4} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). Error: (10/20/2014 04:27:08 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Click-2-Run package registration failure. Error: (10/20/2014 04:27:08 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=DCC} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). System errors: ============= Error: (10/22/2014 05:59:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (10/22/2014 05:59:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (10/22/2014 05:59:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error: (10/22/2014 05:58:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2014 05:58:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (10/22/2014 05:58:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (10/22/2014 05:58:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (10/22/2014 05:58:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The CalendarSynchService service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2014 05:58:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/22/2014 05:58:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Microsoft Office Sessions: ========================= Error: (10/22/2014 01:59:25 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Click-2-Run package registration failure. Error: (10/22/2014 01:59:25 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=D9C} http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD Error: (10/22/2014 06:01:04 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Click-2-Run package registration failure. Error: (10/22/2014 06:01:04 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=C4C} http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD Error: (10/22/2014 05:50:11 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Click-2-Run package registration failure. Error: (10/22/2014 05:50:11 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=E74} http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD Error: (10/21/2014 04:25:27 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Click-2-Run package registration failure. Error: (10/21/2014 04:25:27 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=CF4} http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD Error: (10/20/2014 04:27:08 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Click-2-Run package registration failure. Error: (10/20/2014 04:27:08 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=DCC} http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD ==================== Memory info =========================== Processor: AMD FX-8120 Eight-Core Processor Percentage of memory in use: 35% Total physical RAM: 8159.88 MB Available physical RAM: 5243.33 MB Total Pagefile: 16317.94 MB Available Pagefile: 13307.88 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.66 GB) (Free:1741.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D5E15F59) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1845.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014 Ran by Jon (administrator) on JON-HP on 22-10-2014 14:01:00 Running from C:\Users\Jon\Desktop\fixlist Loaded Profile: Jon (Available profiles: Jon) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe (AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD) HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\MountPoints2: {db3d9fd8-92ba-11e3-9891-9cb70d9bf88b} - F:\VZW_Software_upgrade_assistant.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-22] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (avast! Online Security) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software) R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed] S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-22] (Malwarebytes Corporation) S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-22 05:57 - 2014-10-22 14:01 - 00000000 ____D () C:\Users\Jon\Desktop\fixlist 2014-10-21 16:27 - 2014-10-21 16:27 - 00000000 __SHD () C:\Users\Jon\AppData\Local\EmieUserList 2014-10-21 16:27 - 2014-10-21 16:27 - 00000000 __SHD () C:\Users\Jon\AppData\Local\EmieSiteList 2014-10-20 16:27 - 2014-10-20 16:27 - 00000000 ____D () C:\Users\Jon\Downloads\FRST-OlderVersion 2014-10-19 15:52 - 2014-10-19 15:34 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-10-19 15:35 - 2014-10-19 15:54 - 00054541 _____ () C:\zoek-results.log 2014-10-19 15:34 - 2014-10-19 15:49 - 00000000 ____D () C:\zoek_backup 2014-10-19 15:34 - 2014-10-19 15:34 - 01282252 _____ () C:\Users\Jon\Downloads\zoek (3).zip 2014-10-19 15:34 - 2014-10-19 15:34 - 01282252 _____ () C:\Users\Jon\Desktop\zoek (3).zip 2014-10-19 15:34 - 2014-10-19 15:34 - 00000000 ____D () C:\Users\Jon\Desktop\zoek (3) 2014-10-19 15:32 - 2014-10-19 15:32 - 01282252 _____ () C:\Users\Jon\Downloads\zoek (2).zip 2014-10-19 13:53 - 2014-10-19 13:53 - 00003096 _____ () C:\Windows\System32\Tasks\{E24C197C-E1E4-46CC-93FC-BD0DC434EFF5} 2014-10-19 13:48 - 2014-10-19 13:48 - 04112566 _____ () C:\Users\Jon\Downloads\zoek (1).zip 2014-10-19 13:46 - 2014-10-19 13:46 - 01272801 _____ () C:\Users\Jon\Downloads\zoek.zip 2014-10-19 10:45 - 2014-10-19 10:45 - 00035247 _____ () C:\Users\Jon\Desktop\Addition2.txt 2014-10-19 07:18 - 2014-10-19 07:18 - 00003107 _____ () C:\Users\Jon\Desktop\AdwCleaner[s0].txt 2014-10-19 07:15 - 2014-10-19 07:15 - 00002899 _____ () C:\Users\Jon\Desktop\JRT.txt 2014-10-19 07:13 - 2014-10-19 07:16 - 00000000 ____D () C:\AdwCleaner 2014-10-19 07:13 - 2014-10-19 07:13 - 01976320 _____ () C:\Users\Jon\Downloads\AdwCleaner.exe 2014-10-19 07:11 - 2014-10-19 07:11 - 00001832 _____ () C:\Users\Jon\Desktop\Malware.txt 2014-10-19 07:09 - 2014-10-19 07:09 - 00000000 ____D () C:\Windows\ERUNT 2014-10-19 07:08 - 2014-10-19 07:09 - 01705698 _____ (Thisisu) C:\Users\Jon\Downloads\JRT.exe 2014-10-17 15:30 - 2014-10-20 16:33 - 00044863 _____ () C:\Users\Jon\Downloads\FRST.txt 2014-10-17 15:30 - 2014-10-20 16:33 - 00036077 _____ () C:\Users\Jon\Downloads\Addition.txt 2014-10-17 15:29 - 2014-10-22 14:01 - 00000000 ____D () C:\FRST 2014-10-14 15:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 15:06 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-14 15:06 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-14 15:06 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-14 15:06 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-14 15:06 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-14 15:06 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-14 15:06 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-14 15:06 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-14 15:06 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-14 15:06 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-14 15:06 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-14 15:06 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-14 15:06 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-14 15:06 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-14 15:06 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-14 15:06 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 15:06 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-14 15:06 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-14 15:06 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-14 15:06 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-14 15:06 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-14 15:06 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-14 15:06 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-14 15:06 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-14 15:06 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-14 15:06 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-14 15:06 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-14 15:06 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-14 15:06 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-14 15:06 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-14 15:06 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-14 15:06 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-14 15:06 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 15:05 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-14 15:05 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-14 15:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-14 15:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 15:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 15:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-14 15:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-14 15:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 15:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 15:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 15:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 15:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 15:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 15:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-14 15:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-14 15:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 15:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 15:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 15:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-14 15:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-14 15:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-14 15:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 15:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-14 15:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-14 15:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-14 15:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-14 15:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 15:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 15:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-14 15:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-14 15:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-14 15:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-14 15:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-14 15:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 15:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-14 15:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-14 15:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-14 15:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 15:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 15:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 15:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 15:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-14 15:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-14 15:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-14 15:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-14 15:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-14 15:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 15:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 15:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-14 15:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-14 15:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 15:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-14 15:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 15:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-14 15:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 15:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 15:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 15:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-14 15:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 15:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-14 15:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 15:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 15:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 15:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 15:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-14 15:04 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 15:04 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 15:04 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 15:04 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 15:04 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 15:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 15:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 15:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 15:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-14 15:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 15:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-09-30 16:16 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 16:16 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-24 15:02 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 15:02 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-22 14:00 - 2014-01-22 17:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-10-22 13:58 - 2014-01-22 17:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-22 13:58 - 2012-04-06 00:07 - 00000000 ____D () C:\ProgramData\PDFC 2014-10-22 13:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-22 13:58 - 2009-07-13 23:51 - 00070809 _____ () C:\Windows\setupact.log 2014-10-22 06:25 - 2014-01-21 17:39 - 01422669 _____ () C:\Windows\WindowsUpdate.log 2014-10-22 06:07 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-22 06:07 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-22 06:04 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-22 05:59 - 2012-04-06 00:10 - 00000000 ____D () C:\ProgramData\Norton 2014-10-22 05:59 - 2010-11-20 22:47 - 00608796 _____ () C:\Windows\PFRO.log 2014-10-22 05:49 - 2014-06-30 19:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-21 20:21 - 2014-08-26 16:43 - 00000000 ____D () C:\Users\Jon\AppData\Local\Battle.net 2014-10-21 19:31 - 2014-01-22 18:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-21 19:27 - 2014-01-22 17:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-21 19:20 - 2014-01-21 18:02 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FDE836DF-C951-402D-A5AA-DD40AD4E7BDD} 2014-10-21 17:22 - 2014-01-22 17:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 17:22 - 2014-01-22 17:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-20 18:25 - 2014-08-17 15:13 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-20 18:24 - 2014-02-18 13:07 - 00000000 ____D () C:\Program Files (x86)\Raptr 2014-10-19 20:47 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SoftGrid Client 2014-10-19 15:18 - 2014-02-05 13:38 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJon 2014-10-19 15:18 - 2014-02-05 13:38 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForJon.job 2014-10-18 12:36 - 2014-01-22 18:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-10-17 15:38 - 2014-06-30 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-17 15:38 - 2014-06-30 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-17 15:38 - 2014-01-22 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-17 15:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-10-16 15:08 - 2014-08-26 16:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-10-15 18:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 15:10 - 2014-01-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-15 15:09 - 2014-02-13 05:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-15 14:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-15 14:57 - 2009-07-13 23:45 - 00265104 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 14:57 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-15 14:55 - 2014-05-06 20:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-14 19:16 - 2014-01-21 21:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-14 19:13 - 2014-01-21 21:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-11 19:24 - 2012-04-06 00:01 - 00046487 _____ () C:\Windows\DirectX.log 2014-10-07 19:57 - 2014-07-03 17:06 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps 2014-10-02 15:53 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-01 11:11 - 2014-06-30 19:06 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-06-30 19:06 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2014-01-22 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-24 16:28 - 2014-01-22 20:27 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-23 16:31 - 2014-01-22 18:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 16:31 - 2014-01-22 18:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 16:31 - 2012-04-06 00:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 11:52 - 2014-09-07 15:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-09-22 15:13 - 2012-04-05 23:51 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-09-22 15:12 - 2014-09-01 14:41 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 20:37 ==================== End Of Log ============================

That seemed to have worked flawlessly... I'm posting this from Chrome and I have no adds/highlighted words... I hope I ran the test properly, here is the results: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2014 01Ran by Jon at 2014-10-22 05:58:40 Run:1Running from C:\Users\Jon\Desktop\fixlistLoaded Profile: Jon (Available profiles: Jon)Boot Mode: Normal============================================== Content of fixlist:*****************startCloseProcesses:HKLM-x32\...\Run: [] => [X]CHR Extension: (Coupon Digger) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip [2014-09-21]C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlipEmptyTemp:end***************** Processes closed successfully.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip => Moved successfully."C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip" => File/Directory not found.EmptyTemp: => Removed 275.9 MB temporary data. The system needed a reboot. ==== End of Fixlog ====

Hello, Yes, I can confirm that it only happens when using Chrome. Im cuttently using Internet Explorer and I have no random adds across the page nor any highlighted words that lead me to "CheapCoupon".

Sorry for the multiple posts but i forgot to post the "addition scan" Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01Ran by Jon at 2014-10-20 16:32:56Running from C:\Users\Jon\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) HiddenAMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hiddenavast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) HiddenChuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCounter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3226 - CyberLink Corp.)CyberLink PowerDVD 10 (x32 Version: 10.0.1.3226 - CyberLink Corp.) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDay of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenDropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFarmscapes (x32 Version: 2.2.0.98 - WildTangent) HiddenFATE (x32 Version: 2.2.0.97 - WildTangent) HiddenFinal Drive Fury (x32 Version: 2.2.0.95 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) HiddenHP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) HiddenHP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) HiddenHP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) HiddenHP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard)HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard)HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) HiddenJewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) HiddenLetters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) HiddenLuxor HD (x32 Version: 2.2.0.98 - WildTangent) HiddenMah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMetric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)opensource (x32 Version: 1.0.14960.3876 - Your Company Name) HiddenPDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)Penguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.98 - WildTangent) HiddenPower2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) HiddenRAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD)RAIDXpert (x32 Version: 3.3.1540.9 - AMD) HiddenRaptr (HKLM-x32\...\Raptr) (Version: - )Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) HiddenRemote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) HiddenSid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) HiddenTorchlight (x32 Version: 2.2.0.98 - WildTangent) HiddenTSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) HiddenUpdate Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVentrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) HiddenWildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWorld of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-10-2014 13:49:12 Scheduled Checkpoint19-10-2014 20:35:45 zoek.exe restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {26016DE2-AE7B-467B-8589-9F91573164FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)Task: {3C7DA56C-6283-4B46-A337-7D17B0C0F810} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)Task: {4CC40BE2-049B-4DA8-8F80-A3272E0B1F80} - System32\Tasks\HPCeeScheduleForJon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {57D97D23-5FBE-4BBC-AD5B-3A4051BC2564} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)Task: {5B8A8CD9-23F6-4800-9697-0BC8E86BDD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)Task: {69466D4C-8E4B-44BE-85CF-0AEB4D893D2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)Task: {6FA937CD-5F44-43A9-9DD6-A1B9CB931D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {9EFA99DC-CB8C-4234-A76B-F439C8C2D3AF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)Task: {B6966DC3-35A2-48FF-BD82-344E9BFEF1FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)Task: {B9E0A38B-B64C-4945-B8AD-820D7F3688C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)Task: {DAEECF71-A5C6-4644-9804-918FC4BCBE34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)Task: {E6B0F3EA-6FF4-445D-BA73-ECC1253E91E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.)Task: {EE18292F-FA08-4C7D-B058-001660417CBC} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)Task: {F99353EC-D9BA-4EB6-838B-E4E9018FA228} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForJon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2014-08-14 15:05 - 2014-08-14 15:05 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-10-19 13:47 - 2014-10-19 13:47 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101901\algo.dll2014-10-20 16:26 - 2014-10-20 16:26 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102001\algo.dll2011-05-11 18:17 - 2011-05-11 18:17 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll2014-08-14 15:05 - 2014-08-14 15:05 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd2014-02-21 17:32 - 2014-02-21 17:32 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd2014-02-21 17:32 - 2014-02-21 17:32 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd2014-02-21 17:32 - 2014-02-21 17:32 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd2014-02-21 17:32 - 2014-02-21 17:32 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd2012-02-06 15:28 - 2012-02-06 15:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd2012-02-06 15:28 - 2012-02-06 15:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd2012-02-06 15:28 - 2012-02-06 15:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd2011-05-10 14:01 - 2011-05-10 14:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd2014-02-21 17:32 - 2014-02-21 17:32 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd2014-02-20 15:40 - 2014-02-20 15:40 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll2014-09-10 15:24 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll2014-09-10 15:24 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll2014-09-10 15:24 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll2014-09-10 15:24 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll2014-09-10 15:24 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll2014-09-10 15:24 - 2014-09-03 22:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1942948493-3841869164-3304507751-500 - Administrator - Disabled)Guest (S-1-5-21-1942948493-3841869164-3304507751-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1942948493-3841869164-3304507751-1002 - Limited - Enabled)Jon (S-1-5-21-1942948493-3841869164-3304507751-1000 - Administrator - Enabled) => C:\Users\Jon ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/20/2014 04:27:08 PM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Click-2-Run package registration failure. Error: (10/20/2014 04:27:08 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )Description: {tid=DCC}The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). Error: (10/19/2014 03:55:01 PM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Click-2-Run package registration failure. Error: (10/19/2014 03:55:01 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )Description: {tid=CDC}The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). Error: (10/19/2014 07:18:33 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Information only.Click-2-Run package registration failure. Error: (10/19/2014 07:18:33 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )Description: {tid=CC8}The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). System errors:=============Error: (10/19/2014 03:45:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 03:45:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 03:45:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 03:45:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (10/19/2014 03:45:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Microsoft Office Sessions:=========================Error: (10/20/2014 04:27:08 PM) (Source: CVHSVC) (EventID: 100) (User: )Description: Click-2-Run package registration failure. Error: (10/20/2014 04:27:08 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )Description: {tid=DCC}http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD Error: (10/19/2014 03:55:01 PM) (Source: CVHSVC) (EventID: 100) (User: )Description: Click-2-Run package registration failure. Error: (10/19/2014 03:55:01 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )Description: {tid=CDC}http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD Error: (10/19/2014 07:18:33 AM) (Source: CVHSVC) (EventID: 100) (User: )Description: Click-2-Run package registration failure. Error: (10/19/2014 07:18:33 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: )Description: {tid=CC8}http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD ==================== Memory info =========================== Processor: AMD FX-8120 Eight-Core Processor Percentage of memory in use: 36%Total physical RAM: 8159.88 MBAvailable physical RAM: 5220.3 MBTotal Pagefile: 16317.94 MBAvailable Pagefile: 12982.17 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.66 GB) (Free:1727.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D5E15F59)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=1845.7 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Also random words get highlighted (webpage link) in text. When i mouse over the words a script shows up with "Click to continue > Cheap Coupon"

It is definitely running better, still a random tab opening when I'm in a web browser... but not nearly as bad as it was before. Here is the results from the Farbar Scan: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01Ran by Jon (administrator) on JON-HP on 20-10-2014 16:28:04Running from C:\Users\Jon\DownloadsLoaded Profiles: Jon & (Available profiles: Jon)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-27] (Raptr, Inc)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\MountPoints2: {db3d9fd8-92ba-11e3-9891-9cb70d9bf88b} - F:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1942948493-3841869164-3304507751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-27] (Raptr, Inc)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {db3d9fd8-92ba-11e3-9891-9cb70d9bf88b} - F:\VZW_Software_upgrade_assistant.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1StartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF [2014-01-21]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-10-19]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-22] Chrome: =======CHR dev: Chrome dev build detected! <======= ATTENTIONCHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (avast! Online Security) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22]CHR Extension: (Coupon Digger) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip [2014-09-21]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)U2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-21] (Symantec Corporation)S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-21] (Symantec Corporation) [File not signed]S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-02-24] (Symantec Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-20] (Malwarebytes Corporation)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-01-21] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-01-21] (Symantec Corporation)S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)S3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)S3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-01-22] (Symantec Corporation)S3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 16:27 - 2014-10-20 16:27 - 00000000 ____D () C:\Users\Jon\Downloads\FRST-OlderVersion2014-10-19 15:52 - 2014-10-19 15:34 - 00024064 _____ () C:\Windows\zoek-delete.exe2014-10-19 15:35 - 2014-10-19 15:54 - 00054541 _____ () C:\zoek-results.log2014-10-19 15:34 - 2014-10-19 15:49 - 00000000 ____D () C:\zoek_backup2014-10-19 15:34 - 2014-10-19 15:34 - 01282252 _____ () C:\Users\Jon\Downloads\zoek (3).zip2014-10-19 15:34 - 2014-10-19 15:34 - 01282252 _____ () C:\Users\Jon\Desktop\zoek (3).zip2014-10-19 15:34 - 2014-10-19 15:34 - 00000000 ____D () C:\Users\Jon\Desktop\zoek (3)2014-10-19 15:32 - 2014-10-19 15:32 - 01282252 _____ () C:\Users\Jon\Downloads\zoek (2).zip2014-10-19 13:53 - 2014-10-19 13:53 - 00003096 _____ () C:\Windows\System32\Tasks\{E24C197C-E1E4-46CC-93FC-BD0DC434EFF5}2014-10-19 13:48 - 2014-10-19 13:48 - 04112566 _____ () C:\Users\Jon\Downloads\zoek (1).zip2014-10-19 13:46 - 2014-10-19 13:46 - 01272801 _____ () C:\Users\Jon\Downloads\zoek.zip2014-10-19 10:45 - 2014-10-19 10:45 - 00035247 _____ () C:\Users\Jon\Desktop\Addition2.txt2014-10-19 07:18 - 2014-10-19 07:18 - 00003107 _____ () C:\Users\Jon\Desktop\AdwCleaner[s0].txt2014-10-19 07:15 - 2014-10-19 07:15 - 00002899 _____ () C:\Users\Jon\Desktop\JRT.txt2014-10-19 07:13 - 2014-10-19 07:16 - 00000000 ____D () C:\AdwCleaner2014-10-19 07:13 - 2014-10-19 07:13 - 01976320 _____ () C:\Users\Jon\Downloads\AdwCleaner.exe2014-10-19 07:11 - 2014-10-19 07:11 - 00001832 _____ () C:\Users\Jon\Desktop\Malware.txt2014-10-19 07:09 - 2014-10-19 07:09 - 00000000 ____D () C:\Windows\ERUNT2014-10-19 07:08 - 2014-10-19 07:09 - 01705698 _____ (Thisisu) C:\Users\Jon\Downloads\JRT.exe2014-10-17 15:30 - 2014-10-20 16:28 - 00017293 _____ () C:\Users\Jon\Downloads\FRST.txt2014-10-17 15:30 - 2014-10-19 10:43 - 00035247 _____ () C:\Users\Jon\Downloads\Addition.txt2014-10-17 15:29 - 2014-10-20 16:28 - 00000000 ____D () C:\FRST2014-10-17 15:29 - 2014-10-20 16:27 - 02110976 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe2014-10-14 15:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-14 15:06 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi2014-10-14 15:06 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi2014-10-14 15:06 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2014-10-14 15:06 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-14 15:06 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2014-10-14 15:06 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2014-10-14 15:06 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-14 15:06 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-14 15:06 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-14 15:06 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-14 15:06 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2014-10-14 15:06 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2014-10-14 15:06 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-14 15:06 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-14 15:06 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-14 15:06 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-14 15:06 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-14 15:06 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-14 15:06 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-14 15:06 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-14 15:06 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-14 15:06 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-14 15:06 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 15:06 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-14 15:06 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2014-10-14 15:06 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2014-10-14 15:06 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2014-10-14 15:06 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll2014-10-14 15:06 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2014-10-14 15:06 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-14 15:06 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-10-14 15:06 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-10-14 15:06 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-10-14 15:06 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-10-14 15:06 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-14 15:06 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-14 15:06 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-14 15:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-14 15:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-14 15:05 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-14 15:05 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-14 15:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-14 15:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-14 15:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-14 15:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-14 15:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-14 15:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-14 15:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-14 15:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-14 15:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-14 15:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-14 15:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-14 15:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-14 15:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-14 15:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-14 15:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-14 15:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-14 15:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-14 15:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-14 15:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-14 15:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-14 15:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-14 15:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-14 15:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-14 15:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-14 15:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-14 15:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-14 15:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-14 15:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-14 15:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-14 15:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-14 15:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-14 15:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-14 15:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-14 15:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-14 15:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-14 15:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-14 15:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-14 15:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-14 15:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-14 15:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-14 15:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-14 15:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-14 15:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-14 15:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-14 15:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-14 15:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-14 15:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-14 15:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-14 15:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-14 15:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-14 15:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-14 15:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-14 15:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-14 15:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-14 15:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-14 15:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-14 15:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-14 15:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-14 15:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-14 15:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 15:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-14 15:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-14 15:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-14 15:04 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-14 15:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-14 15:04 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll2014-10-14 15:04 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2014-10-14 15:04 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-14 15:04 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-14 15:04 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-14 15:04 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-14 15:04 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-14 15:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-14 15:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-14 15:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-14 15:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-14 15:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-14 15:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-09 17:07 - 2014-10-09 17:07 - 00000221 _____ () C:\Users\Jon\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url2014-09-30 16:16 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-09-30 16:16 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-24 15:02 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-24 15:02 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-20 16:28 - 2014-01-22 17:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-10-20 16:26 - 2014-06-30 19:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-20 16:26 - 2014-02-18 13:08 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Raptr2014-10-20 16:26 - 2012-04-06 00:07 - 00000000 ____D () C:\ProgramData\PDFC2014-10-20 16:25 - 2014-01-22 17:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-20 16:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-20 16:25 - 2009-07-13 23:51 - 00070529 _____ () C:\Windows\setupact.log2014-10-19 20:48 - 2014-01-21 17:39 - 01352827 _____ () C:\Windows\WindowsUpdate.log2014-10-19 20:47 - 2014-08-26 16:43 - 00000000 ____D () C:\Users\Jon\AppData\Local\Battle.net2014-10-19 20:47 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SoftGrid Client2014-10-19 20:31 - 2014-01-22 18:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-19 20:21 - 2014-01-22 17:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-19 17:57 - 2014-01-21 18:02 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FDE836DF-C951-402D-A5AA-DD40AD4E7BDD}2014-10-19 16:01 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-19 16:01 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-19 15:58 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-19 15:53 - 2010-11-20 22:47 - 00259436 _____ () C:\Windows\PFRO.log2014-10-19 15:18 - 2014-02-05 13:38 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJon2014-10-19 15:18 - 2014-02-05 13:38 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForJon.job2014-10-18 12:36 - 2014-01-22 18:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2014-10-17 15:38 - 2014-06-30 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-17 15:38 - 2014-06-30 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-17 15:38 - 2014-01-22 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-17 15:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports2014-10-16 15:08 - 2014-08-26 16:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-10-15 18:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-15 15:10 - 2014-01-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-10-15 15:09 - 2014-02-13 05:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-10-15 14:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-10-15 14:57 - 2009-07-13 23:45 - 00265104 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 14:57 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-15 14:55 - 2014-05-06 20:05 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism2014-10-14 19:16 - 2014-01-21 21:15 - 00000000 ____D () C:\Windows\system32\MRT2014-10-14 19:13 - 2014-01-21 21:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-11 19:24 - 2012-04-06 00:01 - 00046487 _____ () C:\Windows\DirectX.log2014-10-11 19:22 - 2014-08-17 15:13 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-07 19:57 - 2014-07-03 17:06 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps2014-10-01 11:11 - 2014-06-30 19:06 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-01 11:11 - 2014-06-30 19:06 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-01 11:11 - 2014-01-22 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-09-24 16:28 - 2014-01-22 20:27 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-09-23 16:31 - 2014-01-22 18:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-09-23 16:31 - 2014-01-22 18:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-09-23 16:31 - 2012-04-06 00:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-09-23 11:52 - 2014-09-07 15:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III2014-09-22 15:13 - 2012-04-05 23:51 - 00000000 ____D () C:\Windows\Downloaded Installations2014-09-22 15:12 - 2014-09-01 14:41 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 20:37 ==================== End Of Log ============================

Thank you, here is the results: Zoek.exe v5.0.0.0 Updated 19-10-2014Tool run by Jon on Sun 10/19/2014 at 15:34:46.40.Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Jon\Desktop\zoek (3)\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 10/19/2014 3:36:03 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1942948493-3841869164-3304507751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfullyHKEY_USERS\S-1-5-21-1942948493-3841869164-3304507751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== Adobe Flash Player 15 ActiveX Adobe Flash Player 15 Plugin AMD APP SDK Runtime AMD Catalyst Control Center AMD Catalyst Install Manager AMD Fuel avast Free Antivirus Battle.net Bejeweled 3 Blackhawk Striker 2 Bluetooth by hp Bubble Wrap Call of Duty: Modern Warfare 3 - Dedicated Server Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Counter-Strike Counter-Strike: Condition Zero Cradle of Rome 2 CyberLink PowerDVD 10 D3DX10 Day of Defeat Diablo III DirectX for Managed Code Update (Summer 2004) Dora's World Adventure Dropbox Facebook Farm Frenzy Farmscapes FATE Final Drive Fury Google Chrome Google Update Helper Hewlett-Packard ACLM.NET v1.2.2.3 Hoyle Card Games HP Application Assistant HP Auto HP Calendar HP Client Services HP Clock HP Customer Experience Enhancements HP Games HP LinkUp HP Magic Canvas HP Magic Canvas Tutorials HP Notes HP Odometer HP RSS HP Setup HP Setup Manager HP Support Assistant HP Support Information HP TouchSmart Background - Beats HP TouchSmart RecipeBox HP Update HP Vision Hardware Diagnostics HP Weather HydraVision Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update LabelPrint Letters from Nowhere 2 Luxor HD Mah Jong Medley Malwarebytes Anti-Malware version 2.0.3.1025 Mesh Runtime Metric Converter Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Mathematics Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 More Games from HP Games MSVCRT MSVCRT_amd64 Mumble 1.2.4 Norton Internet Security opensource PDF Complete Special Edition Penguins Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 Poker Superstars III Polar Bowler Polar Golfer Power2Go RAIDXpert Raptr Recovery Manager Remote Graphics Receiver RollerCoaster Tycoon 3: Platinum RoyaulShaoepperApp Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) Security Update for Microsoft .NET Framework 4.5.1 (KB2972107) Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2) Sid Meier's Civilization V Steam The Treasures of Mystery Island: The Ghost Ship Torchlight TSHostedAppLauncher Update Installer for WildTangent Games App Ventrilo Client for Windows x64 Virtual Villagers 4 - The Tree of Life WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources World of Warcraft Zuma's Revenge ==== Running Processes ====================== C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exeC:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\PDF Complete\pdfsvc.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exeC:\PROGRA~2\Raptr\raptr.exeC:\PROGRA~2\Raptr\raptr_im.exec:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exeC:\Windows\SysWOW64\WinMsgBalloonServer.exeC:\Windows\SysWOW64\WinMsgBalloonClient.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exeC:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exeC:\Program Files (x86)\Battle.net\Battle.net.5134\Battle.net.exeC:\Program Files (x86)\Diablo III\Diablo III.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXEC:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exeC:\Users\Jon\Desktop\zoek (3)\zoek.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe ==== Services (whitelist) ======================Powered by E Dev R2 - [AESTFilters] - Andrea ST Filters Service - C:\Program Files\IDT\WDM\AESTSr64.exeR2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exeR2 - [AMD FUEL Service] - AMD FUEL Service - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchServiceR2 - [AMD_RAIDXpert] - AMD RAIDXpert - "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -sR2 - [btwdins] - Bluetooth Service - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exeR2 - [CalendarSynchService] - CalendarSynchService - "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe"R2 - [cvhsvc] - Client Virtualization Handler - "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"R2 - [HPClientSvc] - HP Client Services - "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"R2 - [NIS] - Norton Internet Security - "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll" /prefetch:1R2 - [pdfcDispatcher] - PDF Document Manager - C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcServiceR2 - [sftlist] - Application Virtualization Client - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"R2 - [sTacSV] - Audio Service - C:\Program Files\IDT\WDM\STacSV64.exeR2 - [uMVPFSrv] - UMVPFSrv - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeR2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /EmbeddingR3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"R3 - [sftvsa] - Application Virtualization Service Agent - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"S2 - [CLKMSVC10_38F51D56] - CyberLink Product - 2012/04/05 22:06:56 - "c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe" /svcS2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeS2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeS2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svcS2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exeS3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeS3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exeS3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exeS3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exeS3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exeS3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exeS3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeS3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvcS3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /VS3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exeS3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /VS3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exeS3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exeS3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exeS3 - [steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsServiceS3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exeS3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exeS3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exeS3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exeS3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exeS4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeS4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exeS4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~3\bc8b6c067af10e62 deletedC:\PROGRA~3\Package Cache deletedC:\Windows\SysNative\config\systemprofile\Searches deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)Memory (RAM): 8160 MBCPU Info: AMD FX-8120 Eight-Core ProcessorCPU Speed: 3088.9 MHzSound Card: Speakers / Headphones (IDT High | Digital Output (S/PDIF) (IDT Hi | Display Adapters: AMD Radeon HD 7670 | AMD Radeon HD 7670 | AMD Radeon HD 7670 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display DriverMonitors: 1x; Generic PnP Monitor | Screen Resolution: 1360 X 768 - 32 bitNetwork: Network PresentNetwork Adapters: Bluetooth Device (Personal Area Network) | Broadcom WLAN Adapter | Realtek PCIe GBE Family ControllerCD / DVD Drives: 1x (E: | ) E: hp BD E DH12E3SHBPorts: COM Ports NOT Present. LPT Port NOT Present. Mouse: 7 Button Wheel Mouse PresentHard Disks: C: 1845.7GB | D: 16.9GB | Q: 0.0MBHard Disks - Free: C: 1727.5GB | D: 2.1GB | Q: 0.0MBManufacturer *: AMIBIOS Info: AT/AT COMPATIBLE | 12/29/11 | HPQOEM - 1072009Time Zone: Central Standard TimeMotherboard *: Gigabyte 2AC8Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)Anti-Spyware: Windows Defender disabled (Outdated)Anti-Spyware: avast! Antivirus disabled (Outdated)Anti-Spyware: Norton Internet Security disabled (Outdated)Firewall: Norton Internet Security disabledDefault Browser: Google Chrome 37.0.2062.120Internet Explorer Version: 11.0.9600.17358 Google Chrome version: 37.0.2062.120Flash Player version: 15.0.0.152 ==== Files Recently Created / Modified ====================== ====== C:\Windows ========== C:\Users\Jon\AppData\Local\Temp ====2014-10-19 12:09:05 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\pcre3.dll2014-10-19 12:09:05 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\regex2.dll2014-10-19 12:09:04 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\libiconv2.dll2014-10-19 12:09:04 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\libintl3.dll2014-10-19 12:09:04 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\erunt\ERUNT.EXE2014-10-12 16:54:48 E17B30D3B06DBC63E9E94DAE70290A35 787968 ----a-w- C:\Users\Jon\AppData\Local\Temp\sqlite3.dll====== Java Cache =========== C:\Windows\SysWOW64 =====2014-10-14 20:06:34 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\SysWOW64\mscorier.dll2014-10-14 20:06:34 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\SysWOW64\dfshim.dll2014-10-14 20:06:33 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\SysWOW64\mscories.dll2014-10-14 20:06:24 2C5D7D6C3C3E998306F0BFD7FF7114B9 744960 ----a-w- C:\Windows\SysWOW64\blackbox.dll2014-10-14 20:06:23 C1140AAB50F59C68394CE4C4046A9A8D 988160 ----a-w- C:\Windows\SysWOW64\drmv2clt.dll2014-10-14 20:06:21 089236B6EC2E6C52A1864B79A09D7690 617984 ----a-w- C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-14 20:06:19 152FCD9B979D70FDB703A28152B634EA 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll2014-10-14 20:06:17 F50F1EBD832CA070E1717C2044806ECF 3208704 ----a-w- C:\Windows\SysWOW64\mf.dll2014-10-14 20:06:16 9153F819C855EBD72417DAE7C176CF50 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-14 20:06:16 1858EF9B8A1E334AC1262D664367F451 406016 ----a-w- C:\Windows\SysWOW64\drmmgrtn.dll2014-10-14 20:06:15 776DBF61BA3E8FA64FFA052559A29174 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll2014-10-14 20:06:14 FDA08BEB01B0B0E372088DC21CBA73F3 3970488 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-14 20:06:12 E365C7B3EBB96451D3C9DF6B6B6900C2 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll2014-10-14 20:06:12 623E143F2DF17C0106A9988F5D7DC878 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll2014-10-14 20:06:11 B18B9BD51C8D86596110B9ABD138B92F 3914680 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe2014-10-14 20:06:10 F8028D69DE63F180623D4444A39BAB3E 489984 ----a-w- C:\Windows\SysWOW64\evr.dll2014-10-14 20:06:10 5C3BA07E215B4F693E7D78D6F4980D98 1329664 ----a-w- C:\Windows\SysWOW64\quartz.dll2014-10-14 20:06:09 454BF1E3B844306E764ADC0EA7B6E64C 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll2014-10-14 20:06:08 6BB12A7CA8779D96334B258548B071F5 1005056 ----a-w- C:\Windows\SysWOW64\cryptui.dll2014-10-14 20:06:07 8C147D67D4E75882DA88206DF098229A 354816 ----a-w- C:\Windows\SysWOW64\mfplat.dll2014-10-14 20:06:07 77F95AE51E834BAFE903912F7EBE825B 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll2014-10-14 20:06:07 6B07EE9C7668D2C704563DA838026828 81408 ----a-w- C:\Windows\SysWOW64\cryptsp.dll2014-10-14 20:06:05 534177269B23D1999DD1FCA50A396611 504320 ----a-w- C:\Windows\SysWOW64\msscp.dll2014-10-14 20:06:04 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe2014-10-14 20:06:04 4BA17820B97F1CAED69E5BE5F1BC7C96 265216 ----a-w- C:\Windows\SysWOW64\msnetobj.dll2014-10-14 20:06:03 20257A0BFB824B49055A6EEC29C72C03 103424 ----a-w- C:\Windows\SysWOW64\mfps.dll2014-10-14 20:06:02 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe2014-10-14 20:06:02 9590D4F5699C176217A8CA2330E54D8A 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll2014-10-14 20:06:02 4F1FCBB6A312825B9A84F813E5093AE9 50688 ----a-w- C:\Windows\SysWOW64\appidapi.dll2014-10-14 20:06:01 E637A7187CAFB3EEEED0540CBEF27C8B 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll2014-10-14 20:06:01 A7DD5C1F29877A473265D4B98B3495ED 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL2014-10-14 20:06:01 73AC4B12E706CD7D0447976507E50DBE 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx2014-10-14 20:06:01 73AC4B12E706CD7D0447976507E50DBE 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll2014-10-14 20:06:01 52096F5F476733F2E2725CF346FF373B 2048 ----a-w- C:\Windows\SysWOW64\mferror.dll2014-10-14 20:05:37 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll2014-10-14 20:05:36 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-14 20:05:36 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll2014-10-14 20:05:36 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll2014-10-14 20:05:36 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll2014-10-14 20:05:36 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll2014-10-14 20:05:35 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\SysWOW64\mshtml.dll2014-10-14 20:05:35 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll2014-10-14 20:05:35 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll2014-10-14 20:05:35 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-14 20:05:34 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll2014-10-14 20:05:34 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl2014-10-14 20:05:34 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb2014-10-14 20:05:34 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\SysWOW64\iertutil.dll2014-10-14 20:05:32 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll2014-10-14 20:05:32 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll2014-10-14 20:05:31 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\SysWOW64\ieframe.dll2014-10-14 20:05:31 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll2014-10-14 20:05:30 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe2014-10-14 20:05:30 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-14 20:05:29 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll2014-10-14 20:05:29 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll2014-10-14 20:05:29 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\SysWOW64\jscript9.dll2014-10-14 20:05:29 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\SysWOW64\wininet.dll2014-10-14 20:05:29 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll2014-10-14 20:05:29 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll2014-10-14 20:05:08 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll2014-10-14 20:04:56 6BEA81D3173FC13402033ADC86C88E29 1050112 ----a-w- C:\Windows\SysWOW64\mstsc.exe2014-10-14 20:04:56 471B09D4C3A4EFE36A18CC1F433FE299 4922368 ----a-w- C:\Windows\SysWOW64\mstscax.dll2014-10-14 20:04:56 22FE6C9FB6C490F9D279F95E5996323D 37376 ----a-w- C:\Windows\SysWOW64\tsgqec.dll2014-10-14 20:04:56 157E827DCEF60AB109537FD34885725A 269312 ----a-w- C:\Windows\SysWOW64\aaclient.dll2014-10-14 20:04:46 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\SysWOW64\rastls.dll2014-10-14 20:04:28 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\SysWOW64\winsta.dll2014-10-14 20:04:28 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll2014-10-14 20:04:28 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll2014-10-14 20:04:15 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\SysWOW64\packager.dll====== C:\Windows\SysWOW64\drivers =========== C:\Windows\Sysnative =====2014-10-14 20:06:39 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys2014-10-14 20:06:34 2D6C77A3DB3D8EE00FB55834A67E4073 156312 ----a-w- C:\Windows\Sysnative\mscorier.dll2014-10-14 20:06:33 50EC828370CB5F5E9FF08B10F1B701C8 73880 ----a-w- C:\Windows\Sysnative\mscories.dll2014-10-14 20:06:33 5083CC5456FE8A5D21ECF9E32ACC779F 1943696 ----a-w- C:\Windows\Sysnative\dfshim.dll2014-10-14 20:06:24 EF86A7118A3950F03B364FAC93A08E96 1202176 ----a-w- C:\Windows\Sysnative\drmv2clt.dll2014-10-14 20:06:24 2F5AF776A7B24C6B82D20B5F3179B235 842240 ----a-w- C:\Windows\Sysnative\blackbox.dll2014-10-14 20:06:22 73D3B2408952890DE8157EAA014B9A52 14632960 ----a-w- C:\Windows\Sysnative\wmp.dll2014-10-14 20:06:21 FE4ABDE0BC70BF9F82531FDB416C4B4E 4120576 ----a-w- C:\Windows\Sysnative\mf.dll2014-10-14 20:06:21 868FE3B478D05A225D27A28E933CE33C 782848 ----a-w- C:\Windows\Sysnative\wmdrmsdk.dll2014-10-14 20:06:20 87222A707545E783D9FAE7940645A2C3 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll2014-10-14 20:06:17 5807843607013D16EEEDC15DA4AA83E7 497664 ----a-w- C:\Windows\Sysnative\drmmgrtn.dll2014-10-14 20:06:16 999A7FD4D9F8B1656F1167D94743E50A 457400 ----a-w- C:\Windows\Sysnative\ci.dll2014-10-14 20:06:16 84396ACFCF981E2CBFACD084DF1271B9 616352 ----a-w- C:\Windows\Sysnative\winresume.efi2014-10-14 20:06:15 DA9AF4793B4874BE0BE28170DB890CDF 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll2014-10-14 20:06:15 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\Sysnative\winload.exe2014-10-14 20:06:15 8F3FE4C327D30629266F1F0650C2E910 1574400 ----a-w- C:\Windows\Sysnative\quartz.dll2014-10-14 20:06:15 7FC292D1527EDFEBA2576B6789DE6AB5 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll2014-10-14 20:06:15 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\Sysnative\winresume.exe2014-10-14 20:06:15 19D511CC455C19DE1ADF60E6C39C85B6 187904 ----a-w- C:\Windows\Sysnative\cryptsvc.dll2014-10-14 20:06:15 00B454421642EF68B7A17D2C153920E2 693176 ----a-w- C:\Windows\Sysnative\winload.efi2014-10-14 20:06:14 F06D511B37BB101A7951A1837224B7A5 631808 ----a-w- C:\Windows\Sysnative\evr.dll2014-10-14 20:06:14 D382414098819BA8A0C2A5F362A710DC 5551032 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe2014-10-14 20:06:13 6B381E24EC6A6519DC0A67F1DF5EF82C 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll2014-10-14 20:06:12 C92075D9FFC8429E6CA1279EA8D25722 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll2014-10-14 20:06:12 81A2008198A6E450E4BC7EF361154C8A 1069056 ----a-w- C:\Windows\Sysnative\cryptui.dll2014-10-14 20:06:12 08835F1772B58DE4C3AAF604760276A5 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll2014-10-14 20:06:10 4BE4D8091FBE4DE496B3EFBA206F29AE 432128 ----a-w- C:\Windows\Sysnative\mfplat.dll2014-10-14 20:06:10 2C1B6A64294F2182DC4999F923873974 679424 ----a-w- C:\Windows\Sysnative\audiosrv.dll2014-10-14 20:06:08 724EE88C7003974720087A4344331FC1 503808 ----a-w- C:\Windows\Sysnative\srcore.dll2014-10-14 20:06:08 256390425414F90FCBC12F525A84EB11 188416 ----a-w- C:\Windows\Sysnative\pcasvc.dll2014-10-14 20:06:07 D9A61370B40ABAA9F509113504CD8425 82432 ----a-w- C:\Windows\Sysnative\cryptsp.dll2014-10-14 20:06:06 6F86A81133E8D468DDBE74E2A96CEA03 641024 ----a-w- C:\Windows\Sysnative\msscp.dll2014-10-14 20:06:05 F71CA01C24FC3798A717B5A6F682F9AD 32256 ----a-w- C:\Windows\Sysnative\appidsvc.dll2014-10-14 20:06:05 F4F4D51214FEC718D798CA4FF7629FC5 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe2014-10-14 20:06:05 D179B4872554CFFD5621FD76E4469C81 325632 ----a-w- C:\Windows\Sysnative\msnetobj.dll2014-10-14 20:06:05 01C98E5902E428D5C7EA136895FAEF4C 58880 ----a-w- C:\Windows\Sysnative\appidapi.dll2014-10-14 20:06:04 A8DDFADCA566D4EA38C9DA928D14A658 126464 ----a-w- C:\Windows\Sysnative\audiodg.exe2014-10-14 20:06:04 68E09E7CD4DC52F132A4B492ACE8C243 55808 ----a-w- C:\Windows\Sysnative\rrinstaller.exe2014-10-14 20:06:03 9797A23F773C0782A0D91BEC44054166 206848 ----a-w- C:\Windows\Sysnative\mfps.dll2014-10-14 20:06:02 D79539E35A0F4A1A6E5DC9A268696DC5 146944 ----a-w- C:\Windows\Sysnative\appidpolicyconverter.exe2014-10-14 20:06:02 C15F3DF9122C70F42AC6D66CBC90918B 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll2014-10-14 20:06:02 B86AE91A441FA81CFFF2B53F2A1BF123 17920 ----a-w- C:\Windows\Sysnative\appidcertstorecheck.exe2014-10-14 20:06:02 AB2EB93A982A2C26BA3E4D2D65328804 24576 ----a-w- C:\Windows\Sysnative\mfpmp.exe2014-10-14 20:06:02 310A2A61A5588D932002F83651188C9E 50176 ----a-w- C:\Windows\Sysnative\srclient.dll2014-10-14 20:06:01 855056F06F3677063DB2CC51899BC216 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx2014-10-14 20:06:01 855056F06F3677063DB2CC51899BC216 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll2014-10-14 20:06:01 71EF970D853661A6BAFBD45C36714FEC 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL2014-10-14 20:06:01 63578DB847FCC40883CB8F303E785D46 2048 ----a-w- C:\Windows\Sysnative\mferror.dll2014-10-14 20:06:01 5C90E1F072AF0579620B500DA14588C3 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll2014-10-14 20:05:45 974F83636F841739FEA5CC6219BFB241 276480 ----a-w- C:\Windows\Sysnative\generaltel.dll2014-10-14 20:05:44 510D5492BCA9E63E10E3CE0285965722 507392 ----a-w- C:\Windows\Sysnative\aepdu.dll2014-10-14 20:05:43 767D478BB4B2F84B47B3C0956E6A5A05 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll2014-10-14 20:05:36 C109D5136DF0A6CA668C7AD888AA125F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb2014-10-14 20:05:36 739D9C9F220CCEDAFD8212C6B976B60D 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll2014-10-14 20:05:36 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\Sysnative\ie4uinit.exe2014-10-14 20:05:35 DD8E9C85F9F428859713055183661956 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll2014-10-14 20:05:35 4D21F4FDF57DF86FAD9149ED1C071D15 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll2014-10-14 20:05:34 87D14AF9A2C3F3D5233B613CFA9C321D 378552 ----a-w- C:\Windows\Sysnative\iedkcs32.dll2014-10-14 20:05:34 0F5A279522FA6A30C9C5A297A1064933 1447936 ----a-w- C:\Windows\Sysnative\urlmon.dll2014-10-14 20:05:32 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe2014-10-14 20:05:32 DAF317E9F4CEC206D0D443014A427341 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll2014-10-14 20:05:32 B07E9AFF50DC007E7D5AC54736AA5A25 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll2014-10-14 20:05:31 45B736E3184B68515FDB71D4083A9BCF 731136 ----a-w- C:\Windows\Sysnative\msfeeds.dll2014-10-14 20:05:31 0467A4DDA6B2CE8E27A8178BF035BA18 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll2014-10-14 20:05:30 646C004F58AA4762F92BF7C595216C37 2108416 ----a-w- C:\Windows\Sysnative\inetcpl.cpl2014-10-14 20:05:30 050FD78BA4EFA62417F61F4C098B5B25 2796032 ----a-w- C:\Windows\Sysnative\iertutil.dll2014-10-14 20:05:29 BE37AA454460539877420951EEA16EF0 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll2014-10-14 20:05:28 98241BE7EB26C41562D33393DD12608F 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll2014-10-14 20:05:28 88D2165E07CEDC3F34CBE1A5A807673D 595968 ----a-w- C:\Windows\Sysnative\ieui.dll2014-10-14 20:05:28 7E60EE8A68F7270D1E1662CBA275D4FA 13619200 ----a-w- C:\Windows\Sysnative\ieframe.dll2014-10-14 20:05:27 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe2014-10-14 20:05:27 DB101A62F9BF8E7765685950169EF52B 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll2014-10-14 20:05:27 D3B07C2FABEAE749E4E51F1E93CABA23 5829632 ----a-w- C:\Windows\Sysnative\jscript9.dll2014-10-14 20:05:27 A2105E46DC9CE38A1D57FB124436E1BC 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll2014-10-14 20:05:27 70527367E5779C3537992F0768D9C59A 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll2014-10-14 20:05:26 EB710A3AF29BEC4EE7475A1ED5C575DE 195584 ----a-w- C:\Windows\Sysnative\msrating.dll2014-10-14 20:05:26 9D98D4F390F0B14A782F3B931E613A1A 2309632 ----a-w- C:\Windows\Sysnative\wininet.dll2014-10-14 20:05:26 328143D6BC5951E1797BD524C4E98CDC 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll2014-10-14 20:05:26 30FB9ABB6C45C3299CFA5F556904DD5F 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll2014-10-14 20:05:26 2E5AF1507CBE735B4D7EBFF1908EA0E1 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll2014-10-14 20:05:25 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe2014-10-14 20:05:24 7415B29AFE2E4494A57358B8C7E78600 23631360 ----a-w- C:\Windows\Sysnative\mshtml.dll2014-10-14 20:05:09 ADD3F2C3E6B89BD16D4BFC61B3658DD9 3241472 ----a-w- C:\Windows\Sysnative\msi.dll2014-10-14 20:04:56 E345E529C548F9A876DE0FCC9447F32C 1125888 ----a-w- C:\Windows\Sysnative\mstsc.exe2014-10-14 20:04:56 C234A772C8A9198F302ECE50B05AC258 322560 ----a-w- C:\Windows\Sysnative\aaclient.dll2014-10-14 20:04:56 760453BB975A6615D360651718CA3866 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll2014-10-14 20:04:55 FDC825DBD7B8FD5AEFE573E19342071B 5780480 ----a-w- C:\Windows\Sysnative\mstscax.dll2014-10-14 20:04:54 E9CB5F138943D383DB67F29AAB60453F 3179520 ----a-w- C:\Windows\Sysnative\rdpcorets.dll2014-10-14 20:04:46 DD7C31F12936795C0516BB6C59CBCCD8 424448 ----a-w- C:\Windows\Sysnative\rastls.dll2014-10-14 20:04:29 4FC4C50985E5B840F4D72E57286887B8 681984 ----a-w- C:\Windows\Sysnative\termsrv.dll2014-10-14 20:04:28 C23B6D9D16FD86F446BE607CA18389D9 235520 ----a-w- C:\Windows\Sysnative\winsta.dll2014-10-14 20:04:28 85E03B6E05939845BC924C91AEDE0E24 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll2014-10-14 20:04:28 560CF90C026C0FE51CC6820302FF94FE 22016 ----a-w- C:\Windows\Sysnative\credssp.dll2014-10-14 20:04:28 0374D83D003043E7DE33036294A2EFAE 150528 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll2014-10-14 20:04:15 1DB68B8A1E3BDE3C19F1D3612CE436CA 77312 ----a-w- C:\Windows\Sysnative\packager.dll====== C:\Windows\Sysnative\drivers =====2014-10-14 20:06:16 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys2014-10-14 20:06:04 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys2014-10-14 20:04:28 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys2014-10-14 20:04:27 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys====== C:\Windows\Tasks ======2014-10-19 18:53:52 801A55F6010BD8940619893CDF44F7D7 3096 ----a-w- C:\Windows\Sysnative\Tasks\{E24C197C-E1E4-46CC-93FC-BD0DC434EFF5}====== C:\Windows\Temp ============= C:\Program Files ============ C:\PROGRA~2 ============ C: =========== C:\Users\Jon\AppData\Roaming ============ C:\Users\Jon ======2014-10-19 12:13:40 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Jon\Downloads\AdwCleaner.exe2014-10-19 12:08:52 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Jon\Downloads\JRT.exe2014-10-17 20:29:37 1F3E1F48BB33569A4FC97667D1E2B0FC 2112000 ----a-w- C:\Users\Jon\Downloads\FRST64.exe ====== C: exe-files ==2014-10-19 12:13:40 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Jon\Downloads\AdwCleaner.exe2014-10-19 12:09:04 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\erunt\ERUNT.EXE2014-10-19 12:08:52 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Jon\Downloads\JRT.exe2014-10-18 17:36:58 0791ED92A39CEA9F9AF0262E2271D82B 21252144 ----a-w- C:\Program Files (x86)\World of Warcraft\Wow-64.exe2014-10-18 17:36:57 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\Program Files (x86)\World of Warcraft\SystemSurvey.exe2014-10-18 17:36:56 3FE4C4324A89E48608C460BCC3F1211B 13698608 ----a-w- C:\Program Files (x86)\World of Warcraft\Wow.exe2014-10-18 12:02:02 C918B9C4DEB2BD5B623EECC0FFC92225 49620672 ----a-w- C:\Users\Jon\AppData\Roaming\Raptr\raptr-4.1.2-r88325-release.exe2014-10-17 20:29:37 1F3E1F48BB33569A4FC97667D1E2B0FC 2112000 ----a-w- C:\Users\Jon\Downloads\FRST64.exe2014-10-16 20:01:47 3874DF424CBA9D340999E17C40130474 49628992 ----a-w- C:\Users\Jon\AppData\Roaming\Raptr\raptr-4.1.1-r88229-release.exe2014-10-15 20:09:39 634D94E682D501285EFE9EEC505D8739 140856 ----a-w- C:\Windows\Temp\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_33cf754a-2460-4e10-92c5-40607e5e140b\hpdobject.exe2014-10-14 23:57:03 9DF4EB707D8FA2C6F93C08C435E39CEF 48521944 ----a-w- C:\Users\Jon\AppData\Roaming\Raptr\raptr-4.1.0-r86354-release.exe2014-10-14 20:06:15 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\System32\winload.exe2014-10-14 20:06:15 C2664AA33B7127C737FC5612EBEB4DE9 619056 ----a-w- C:\Windows\System32\Boot\winload.exe2014-10-14 20:06:15 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\System32\winresume.exe2014-10-14 20:06:15 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\System32\Boot\winresume.exe2014-10-14 20:06:14 FDA08BEB01B0B0E372088DC21CBA73F3 3970488 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-14 20:06:14 D382414098819BA8A0C2A5F362A710DC 5551032 ----a-w- C:\Windows\System32\ntoskrnl.exe2014-10-14 20:06:12 C97F0824615473C485B882E5E19CFCC9 497080 ----a-w- C:\Windows\Boot\PCAT\memtest.exe2014-10-14 20:06:11 B18B9BD51C8D86596110B9ABD138B92F 3914680 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe2014-10-14 20:06:05 F4F4D51214FEC718D798CA4FF7629FC5 296960 ----a-w- C:\Windows\System32\rstrui.exe2014-10-14 20:06:04 A8DDFADCA566D4EA38C9DA928D14A658 126464 ----a-w- C:\Windows\System32\audiodg.exe2014-10-14 20:06:04 68E09E7CD4DC52F132A4B492ACE8C243 55808 ----a-w- C:\Windows\System32\rrinstaller.exe2014-10-14 20:06:04 60FBCF033FF42A40C916C01A962A8802 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe2014-10-14 20:06:02 E017E313FB86FDD356D3F15A7024B4F2 102400 ----a-w- C:\Program Files\Windows Media Player\wmpconfig.exe2014-10-14 20:06:02 D79539E35A0F4A1A6E5DC9A268696DC5 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe2014-10-14 20:06:02 D5F60B28FB5F9210AD9827FEB47B1AF2 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe2014-10-14 20:06:02 D17954CA6343F43B62637F51996B4E95 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe2014-10-14 20:06:02 B86AE91A441FA81CFFF2B53F2A1BF123 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe2014-10-14 20:06:02 AC3B58FFD38D515DE923C63C2ACDFD54 102400 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpshare.exe2014-10-14 20:06:02 AB2EB93A982A2C26BA3E4D2D65328804 24576 ----a-w- C:\Windows\System32\mfpmp.exe2014-10-14 20:06:02 686A215E51F5FF66B529AF7AA940EAE3 102912 ----a-w- C:\Program Files\Windows Media Player\wmpshare.exe2014-10-14 20:06:02 0786D45A6F41F075E20A18E2F7285BA0 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe2014-10-14 20:06:01 B56E64D20C205B219C717496E00303D0 101888 ----a-w- C:\Program Files (x86)\Windows Media Player\wmpconfig.exe2014-10-14 20:05:43 D43F34B4901C499FE13798149879DCD8 161960 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe2014-10-14 20:05:43 97EBB8C10D4A6CA575E3D916B25A3BEF 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe2014-10-14 20:05:36 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe2014-10-14 20:05:36 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe2014-10-14 20:05:36 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\System32\ie4uinit.exe2014-10-14 20:05:34 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe2014-10-14 20:05:34 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe2014-10-14 20:05:34 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2014-10-14 20:05:32 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2014-10-14 20:05:30 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe2014-10-14 20:05:30 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe2014-10-14 20:05:27 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2014-10-14 20:05:25 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe2014-10-14 20:04:56 E345E529C548F9A876DE0FCC9447F32C 1125888 ----a-w- C:\Windows\System32\mstsc.exe2014-10-14 20:04:56 6BEA81D3173FC13402033ADC86C88E29 1050112 ----a-w- C:\Windows\SysWOW64\mstsc.exe=== C: other files ==2014-10-19 12:09:04 FC1F36A7844235BACFE12DF3FD486026 14957 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\get.bat2014-10-19 12:09:04 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\prelim.bat2014-10-19 12:09:04 E5E1041DE1DBDDF20D704BA894BEAD05 183929 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\misc.bat2014-10-19 12:09:04 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\runvalues.bat2014-10-19 12:09:04 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\TDL4.bat2014-10-19 12:09:04 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\medfos.bat2014-10-19 12:09:04 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\surfvox.bat2014-10-19 12:09:04 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\searchlnk.bat2014-10-19 12:09:04 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\firefox.bat2014-10-19 12:09:04 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\ev_clear.bat2014-10-19 12:09:04 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\mws.bat2014-10-19 12:09:04 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\ask.bat2014-10-19 12:09:04 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\iexplore.bat2014-10-19 12:09:04 1EFD82B5DDC672FE3D2AFE731898BAF4 14044 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\chrome.bat2014-10-19 12:09:04 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Jon\AppData\Local\Temp\jrt\delfolders.bat2014-10-14 20:06:39 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\System32\win32k.sys2014-10-14 20:06:16 946010CDFA91469351B22E2620CEBCD8 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys2014-10-14 20:06:04 80B9412C4DE09147581FC935FB4C97AB 61440 ----a-w- C:\Windows\System32\drivers\appid.sys2014-10-14 20:04:28 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys2014-10-14 20:04:27 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1942948493-3841869164-3304507751-1000\Software\Microsoft\Windows\CurrentVersion\Run]"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe""Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe""AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui""HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe""StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"HydraVisionDesktopManager"="C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe""Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe""BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe""SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update" ==== Startup Folders ====================== 2012-04-06 05:04:05 812 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 04:31 PM]C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/22/2014 05:48 PM]C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/22/2014 05:48 PM]C:\Windows\tasks\HPCeeScheduleForJon.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\HPCeeScheduleForJon" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe"]"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{FDE836DF-C951-402D-A5AA-DD40AD4E7BDD}" [C:\Windows\system32\msfeedssync.exe]"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/14/2014 03:05 PM] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsgomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/14/2014 03:05 PM] Hot Virtual Keyboard Extension - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadlavast Online Security - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmkiDo Share - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf ==== Chromium Fix ====================== C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdejgojmfhngmomodldpdppfbhoajadl_0.localstorage deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bdejgojmfhngmomodldpdppfbhoajadl_0.localstorage-journal deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglhhmnmdocfhmhlekfdecokagmbchnf_0.localstorage deleted successfullyC:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglhhmnmdocfhmhlekfdecokagmbchnf_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]No DefaultScope Set For HKCU New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD} deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=42 folders=21 14572635 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\Jon\AppData\Local\Temp will be emptied at rebootC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Jon\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Sun 10/19/2014 at 15:54:25.67 ======================

i cannot download this, when i click on the ".exe" download it just opens another window and in the middle it reads "The server closed connection without sending data"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014 Ran by Jon at 2014-10-19 10:42:37 Running from C:\Users\Jon\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation) Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve) Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3226 - CyberLink Corp.) CyberLink PowerDVD 10 (x32 Version: 10.0.1.3226 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard) HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig) Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.1.14 - Symantec Corporation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD) RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden Raptr (HKLM-x32\...\Raptr) (Version: - ) Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden RoyaulShaoepperApp (HKLM-x32\...\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}) (Version: - "") <==== ATTENTION Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1942948493-3841869164-3304507751-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 19-10-2014 13:49:12 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {26016DE2-AE7B-467B-8589-9F91573164FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {3C7DA56C-6283-4B46-A337-7D17B0C0F810} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation) Task: {4CC40BE2-049B-4DA8-8F80-A3272E0B1F80} - System32\Tasks\HPCeeScheduleForJon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {50612851-DBE0-460D-BA39-BFA16631AEAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard) Task: {57D97D23-5FBE-4BBC-AD5B-3A4051BC2564} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation) Task: {69466D4C-8E4B-44BE-85CF-0AEB4D893D2E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: {6FA937CD-5F44-43A9-9DD6-A1B9CB931D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {9EFA99DC-CB8C-4234-A76B-F439C8C2D3AF} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation) Task: {B6966DC3-35A2-48FF-BD82-344E9BFEF1FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard) Task: {B9E0A38B-B64C-4945-B8AD-820D7F3688C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {DAEECF71-A5C6-4644-9804-918FC4BCBE34} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software) Task: {E6B0F3EA-6FF4-445D-BA73-ECC1253E91E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {EE18292F-FA08-4C7D-B058-001660417CBC} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink) Task: {F99353EC-D9BA-4EB6-838B-E4E9018FA228} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForJon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-08-14 15:05 - 2014-08-14 15:05 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-19 07:01 - 2014-10-19 07:01 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101900\algo.dll 2011-05-11 18:17 - 2011-05-11 18:17 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll 2014-08-14 15:05 - 2014-08-14 15:05 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-02-21 17:32 - 2014-02-21 17:32 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-02-21 17:32 - 2014-02-21 17:32 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-02-21 17:32 - 2014-02-21 17:32 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-02-21 17:32 - 2014-02-21 17:32 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2012-02-06 15:28 - 2012-02-06 15:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd 2012-02-06 15:28 - 2012-02-06 15:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd 2012-02-06 15:28 - 2012-02-06 15:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd 2011-05-10 14:01 - 2011-05-10 14:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd 2014-02-21 17:32 - 2014-02-21 17:32 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd 2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-02-20 15:40 - 2014-02-20 15:40 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libcef.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libGLESv2.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\platforms\qwindows.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libEGL.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qgif.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qico.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qjpeg.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qmng.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qtiff.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick.2\qtquick2plugin.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick\Layouts\qquicklayoutsplugin.dll 2014-10-07 19:58 - 2014-10-07 19:58 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQml\Models.2\modelsplugin.dll 2014-09-09 18:31 - 2014-09-09 18:31 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll 2014-09-10 15:24 - 2014-09-03 22:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1942948493-3841869164-3304507751-500 - Administrator - Disabled) Guest (S-1-5-21-1942948493-3841869164-3304507751-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1942948493-3841869164-3304507751-1002 - Limited - Enabled) Jon (S-1-5-21-1942948493-3841869164-3304507751-1000 - Administrator - Enabled) => C:\Users\Jon ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/19/2014 07:18:33 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. Click-2-Run package registration failure. Error: (10/19/2014 07:18:33 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=CC8} The Application Virtualization Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft' (rc 2460420A-40002EFD, original rc 2460420A-40002EFD). System errors: ============= Microsoft Office Sessions: ========================= Error: (10/19/2014 07:18:33 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Click-2-Run package registration failure. Error: (10/19/2014 07:18:33 AM) (Source: Application Virtualization Client) (EventID: 5009) (User: ) Description: {tid=CC8} http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7130.5000.sft2460420A-40002EFD2460420A-40002EFD ==================== Memory info =========================== Processor: AMD FX-8120 Eight-Core Processor Percentage of memory in use: 41% Total physical RAM: 8159.88 MB Available physical RAM: 4793.79 MB Total Pagefile: 16317.94 MB Available Pagefile: 12050.49 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.66 GB) (Free:1727.37 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D5E15F59) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1845.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014 Ran by Jon (administrator) on JON-HP on 19-10-2014 10:42:11 Running from C:\Users\Jon\Downloads Loaded Profile: Jon (Available profiles: Jon) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe (AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe (Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5134\Battle.net.exe (Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD) HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-27] (Raptr, Inc) HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\MountPoints2: {db3d9fd8-92ba-11e3-9891-9cb70d9bf88b} - F:\VZW_Software_upgrade_assistant.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF [2014-01-21] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-10-19] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-22] Chrome: ======= CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2014-09-22] CHR Extension: (avast! Online Security) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22] CHR Extension: (Coupon Digger) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip [2014-09-21] CHR Extension: (Do Share) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-10-08] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software) R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed] S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] () R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-21] (Symantec Corporation) [File not signed] R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-02-24] (Symantec Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-19] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-01-21] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-01-21] (Symantec Corporation) S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-01-22] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-19 07:18 - 2014-10-19 07:18 - 00003107 _____ () C:\Users\Jon\Desktop\AdwCleaner[s0].txt 2014-10-19 07:15 - 2014-10-19 07:15 - 00002899 _____ () C:\Users\Jon\Desktop\JRT.txt 2014-10-19 07:13 - 2014-10-19 07:16 - 00000000 ____D () C:\AdwCleaner 2014-10-19 07:13 - 2014-10-19 07:13 - 01976320 _____ () C:\Users\Jon\Downloads\AdwCleaner.exe 2014-10-19 07:11 - 2014-10-19 07:11 - 00001832 _____ () C:\Users\Jon\Desktop\Malware.txt 2014-10-19 07:09 - 2014-10-19 07:09 - 00000000 ____D () C:\Windows\ERUNT 2014-10-19 07:08 - 2014-10-19 07:09 - 01705698 _____ (Thisisu) C:\Users\Jon\Downloads\JRT.exe 2014-10-17 15:30 - 2014-10-19 10:42 - 00018027 _____ () C:\Users\Jon\Downloads\FRST.txt 2014-10-17 15:30 - 2014-10-17 15:31 - 00039893 _____ () C:\Users\Jon\Downloads\Addition.txt 2014-10-17 15:29 - 2014-10-19 10:42 - 00000000 ____D () C:\FRST 2014-10-17 15:29 - 2014-10-17 15:29 - 02112000 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe 2014-10-14 15:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 15:06 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-14 15:06 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-14 15:06 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-14 15:06 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-14 15:06 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-14 15:06 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-14 15:06 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-14 15:06 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-14 15:06 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-14 15:06 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-14 15:06 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-14 15:06 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-14 15:06 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-14 15:06 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-14 15:06 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-14 15:06 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 15:06 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-14 15:06 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-14 15:06 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-14 15:06 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-14 15:06 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-14 15:06 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-14 15:06 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-14 15:06 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-14 15:06 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-14 15:06 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-14 15:06 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-14 15:06 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-14 15:06 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-14 15:06 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-14 15:06 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-14 15:06 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-14 15:06 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 15:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 15:05 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-14 15:05 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-14 15:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-14 15:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 15:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 15:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-14 15:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-14 15:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 15:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 15:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 15:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 15:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 15:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 15:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-14 15:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-14 15:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 15:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 15:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 15:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-14 15:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-14 15:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-14 15:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 15:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-14 15:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-14 15:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-14 15:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-14 15:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 15:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 15:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-14 15:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-14 15:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-14 15:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-14 15:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-14 15:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 15:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-14 15:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-14 15:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-14 15:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 15:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 15:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 15:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 15:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-14 15:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-14 15:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-14 15:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-14 15:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-14 15:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 15:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 15:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-14 15:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-14 15:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 15:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-14 15:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 15:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-14 15:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 15:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 15:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 15:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-14 15:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 15:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-14 15:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 15:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 15:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 15:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 15:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-14 15:04 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-14 15:04 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 15:04 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 15:04 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 15:04 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 15:04 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 15:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 15:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 15:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 15:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 15:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-14 15:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 15:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-09 17:07 - 2014-10-09 17:07 - 00000221 _____ () C:\Users\Jon\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url 2014-09-30 16:16 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 16:16 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-24 15:02 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 15:02 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-21 15:24 - 2014-10-09 15:21 - 00000000 ____D () C:\ProgramData\bc8b6c067af10e62 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-19 10:39 - 2014-08-26 16:43 - 00000000 ____D () C:\Users\Jon\AppData\Local\Battle.net 2014-10-19 10:31 - 2014-01-22 18:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-19 10:21 - 2014-01-22 17:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-10-19 10:21 - 2014-01-22 17:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-19 10:20 - 2014-01-21 17:39 - 01345216 _____ () C:\Windows\WindowsUpdate.log 2014-10-19 09:58 - 2014-06-30 19:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-19 08:51 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-19 08:51 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-19 08:45 - 2014-01-21 18:02 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FDE836DF-C951-402D-A5AA-DD40AD4E7BDD} 2014-10-19 07:22 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-19 07:18 - 2014-02-18 13:08 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Raptr 2014-10-19 07:17 - 2014-01-22 17:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-19 07:17 - 2012-04-06 00:07 - 00000000 ____D () C:\ProgramData\PDFC 2014-10-19 07:17 - 2010-11-20 22:47 - 00259104 _____ () C:\Windows\PFRO.log 2014-10-19 07:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-19 07:17 - 2009-07-13 23:51 - 00070249 _____ () C:\Windows\setupact.log 2014-10-18 12:36 - 2014-01-22 18:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft 2014-10-17 15:38 - 2014-06-30 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-17 15:38 - 2014-06-30 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-17 15:38 - 2014-01-22 17:42 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-17 15:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-10-16 15:08 - 2014-08-26 16:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-10-15 18:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 15:18 - 2014-02-05 13:38 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJon 2014-10-15 15:18 - 2014-02-05 13:38 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForJon.job 2014-10-15 15:10 - 2014-01-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-15 15:09 - 2014-02-13 05:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-15 14:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-15 14:57 - 2009-07-13 23:45 - 00265104 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 14:57 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-15 14:55 - 2014-05-06 20:05 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-14 19:16 - 2014-01-21 21:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-14 19:13 - 2014-01-21 21:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-11 19:24 - 2012-04-06 00:01 - 00046487 _____ () C:\Windows\DirectX.log 2014-10-11 19:22 - 2014-08-17 15:13 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-07 19:57 - 2014-07-03 17:06 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps 2014-10-01 11:11 - 2014-06-30 19:06 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-06-30 19:06 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2014-01-22 17:42 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-24 16:28 - 2014-01-22 20:27 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-23 16:31 - 2014-01-22 18:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-23 16:31 - 2014-01-22 18:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-23 16:31 - 2012-04-06 00:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-23 11:52 - 2014-09-07 15:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2014-09-22 15:13 - 2012-04-05 23:51 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-09-22 15:12 - 2014-09-01 14:41 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager Some content of TEMP: ==================== C:\Users\Jon\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe C:\Users\Jon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvugppl.dll C:\Users\Jon\AppData\Local\Temp\Quarantine.exe C:\Users\Jon\AppData\Local\Temp\raptrpatch.exe C:\Users\Jon\AppData\Local\Temp\sp64126.exe C:\Users\Jon\AppData\Local\Temp\sqlite3.dll C:\Users\Jon\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 20:37 ==================== End Of Log ============================

so i ran all three tests and here are the results attached.. my browser still has multiple tabs opening and avast keeps telling me "Threat has been detected". When this comes up it says its in the Google Chrome files in Program86 AdwCleanerS0.txt Malware.txt JRT.txt

So im not sure if its Malware or Addware but when i open a google chrome browser multiple tabs randomly open and there is links highlighted in different words. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014Ran by Jon (administrator) on JON-HP on 17-10-2014 15:30:19Running from C:\Users\Jon\DownloadsLoaded Profile: Jon (Available profiles: Jon)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-27] (Raptr, Inc)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)HKU\S-1-5-21-1942948493-3841869164-3304507751-1000\...\MountPoints2: {db3d9fd8-92ba-11e3-9891-9cb70d9bf88b} - F:\VZW_Software_upgrade_assistant.exeAppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-09-01] ()AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-09-01] ()Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1StartMenuInternet: IEXPLORE.EXE - iexplore.exeSearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0B0Fzzzz0B0AtCyE0CtN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtB0D0E0FtBtBzztGzztCtDyBtG0DtA0F0EtGyDtDtAyBtGyB0EtByCzy0Bzy0EyC0F0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtC0DyBtAyC0EtG0ByD0DyBtGyEzy0EyEtG0ByByD0FtGtCyDtBzzzyyBzzyDyD0C0F0F2Q&cr=631278512&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0B0Fzzzz0B0AtCyE0CtN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtB0D0E0FtBtBzztGzztCtDyBtG0DtA0F0EtGyDtDtAyBtGyB0EtByCzy0Bzy0EyC0F0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtC0DyBtAyC0EtG0ByD0DyBtGyEzy0EyEtG0ByByD0FtGtCyDtBzzzyyBzzyDyD0C0F0F2Q&cr=631278512&ir=SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM - {D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 - {D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0B0Fzzzz0B0AtCyE0CtN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtB0D0E0FtBtBzztGzztCtDyBtG0DtA0F0EtGyDtDtAyBtGyB0EtByCzy0Bzy0EyC0F0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtC0DyBtAyC0EtG0ByD0DyBtGyEzy0EyEtG0ByByD0FtGtCyDtBzzzyyBzzyDyD0C0F0F2Q&cr=631278512&ir=SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0Dzy0B0Fzzzz0B0AtCyE0CtN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2SyCtB0D0E0FtBtBzztGzztCtDyBtG0DtA0F0EtGyDtDtAyBtGyB0EtByCzy0Bzy0EyC0F0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtC0DyBtAyC0EtG0ByD0DyBtGyEzy0EyEtG0ByByD0FtGtCyDtBzzzyyBzzyDyD0C0F0F2Q&cr=631278512&ir=SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDFSearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKCU - {D9F1BBCF-F50F-4AE8-B4A6-4B1434A3A7D0} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF [2014-01-21]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-10-17]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-22] Chrome: =======CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Hot Virtual Keyboard Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdejgojmfhngmomodldpdppfbhoajadl [2014-09-22]CHR Extension: (avast! SafePrice) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-14]CHR Extension: (avast! Online Security) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-22]CHR Extension: (Coupon Digger) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbllbcbdnfpemakidmbnadpfdfphnlip [2014-09-21]CHR Extension: (Do Share) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-10-08]CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-14]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2014-02-03]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-09-01] ()R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-14] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-21] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-21] (Symantec Corporation) [File not signed]R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-02-24] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-01-21] (Symantec Corporation)S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-01-21] (Symantec Corporation)S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)R3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2014-01-22] (Symantec Corporation)R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-17 15:30 - 2014-10-17 15:30 - 00021808 _____ () C:\Users\Jon\Downloads\FRST.txt2014-10-17 15:29 - 2014-10-17 15:30 - 00000000 ____D () C:\FRST2014-10-17 15:29 - 2014-10-17 15:29 - 02112000 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe2014-10-14 15:06 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-14 15:06 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi2014-10-14 15:06 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi2014-10-14 15:06 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2014-10-14 15:06 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll2014-10-14 15:06 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2014-10-14 15:06 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2014-10-14 15:06 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe2014-10-14 15:06 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2014-10-14 15:06 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2014-10-14 15:06 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe2014-10-14 15:06 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2014-10-14 15:06 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2014-10-14 15:06 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys2014-10-14 15:06 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll2014-10-14 15:06 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll2014-10-14 15:06 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2014-10-14 15:06 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-10-14 15:06 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll2014-10-14 15:06 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2014-10-14 15:06 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2014-10-14 15:06 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx2014-10-14 15:06 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll2014-10-14 15:06 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL2014-10-14 15:06 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe2014-10-14 15:06 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2014-10-14 15:06 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys2014-10-14 15:06 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2014-10-14 15:06 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2014-10-14 15:06 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2014-10-14 15:06 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx2014-10-14 15:06 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll2014-10-14 15:06 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL2014-10-14 15:06 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-10-14 15:06 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-10-14 15:06 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2014-10-14 15:06 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2014-10-14 15:06 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2014-10-14 15:06 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2014-10-14 15:06 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2014-10-14 15:06 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll2014-10-14 15:06 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-14 15:06 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-14 15:06 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-14 15:05 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-14 15:05 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-14 15:05 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-14 15:05 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-14 15:05 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-14 15:05 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-14 15:05 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-14 15:05 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-14 15:05 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-14 15:05 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-14 15:05 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-14 15:05 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-14 15:05 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-14 15:05 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-14 15:05 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-14 15:05 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-14 15:05 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-14 15:05 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-14 15:05 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-14 15:05 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-14 15:05 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-14 15:05 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-14 15:05 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-14 15:05 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-14 15:05 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-14 15:05 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-14 15:05 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-14 15:05 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-14 15:05 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-14 15:05 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-14 15:05 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-14 15:05 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-14 15:05 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-14 15:05 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-14 15:05 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-14 15:05 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-14 15:05 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-14 15:05 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-14 15:05 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-14 15:05 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-14 15:05 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-14 15:05 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-14 15:05 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-14 15:05 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-14 15:05 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-14 15:05 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-14 15:05 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-14 15:05 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-14 15:05 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-14 15:05 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-14 15:05 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-14 15:05 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-14 15:05 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-14 15:05 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-14 15:05 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-14 15:05 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-14 15:05 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-14 15:05 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-14 15:05 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-14 15:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-14 15:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-14 15:04 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 15:04 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-14 15:04 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-14 15:04 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-14 15:04 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-14 15:04 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-14 15:04 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll2014-10-14 15:04 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2014-10-14 15:04 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-14 15:04 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-14 15:04 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-14 15:04 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-14 15:04 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-14 15:04 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-14 15:04 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-14 15:04 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-14 15:04 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-14 15:04 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-14 15:04 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-14 15:04 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-09 17:07 - 2014-10-09 17:07 - 00000221 _____ () C:\Users\Jon\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url2014-10-08 16:00 - 2014-10-08 16:44 - 00000000 ____D () C:\ProgramData\RoyaulShaoepperApp2014-09-30 16:16 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2014-09-30 16:16 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2014-09-24 15:02 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-09-24 15:02 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-09-22 15:35 - 2014-09-24 16:27 - 00000000 ____D () C:\ProgramData\CoolSaleCoouipon2014-09-21 19:23 - 2014-09-21 19:23 - 00000000 ____D () C:\ProgramData\WorldWideWebCoupon2014-09-21 15:24 - 2014-10-09 15:21 - 00000000 ____D () C:\ProgramData\bc8b6c067af10e62 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-17 15:21 - 2014-01-22 17:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-17 15:18 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-17 15:18 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-17 15:06 - 2014-01-21 17:39 - 01296731 _____ () C:\Windows\WindowsUpdate.log2014-10-17 15:05 - 2014-01-22 17:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-10-17 15:05 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-17 15:01 - 2014-02-18 13:08 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Raptr2014-10-17 15:01 - 2012-04-06 00:07 - 00000000 ____D () C:\ProgramData\PDFC2014-10-17 15:00 - 2014-01-22 17:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-17 15:00 - 2010-11-20 22:47 - 00258440 _____ () C:\Windows\PFRO.log2014-10-17 15:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-17 15:00 - 2009-07-13 23:51 - 00070081 _____ () C:\Windows\setupact.log2014-10-17 15:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports2014-10-16 20:58 - 2014-08-26 16:43 - 00000000 ____D () C:\Users\Jon\AppData\Local\Battle.net2014-10-16 20:31 - 2014-06-30 19:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-16 20:31 - 2014-01-22 18:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-16 19:05 - 2014-01-21 18:02 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FDE836DF-C951-402D-A5AA-DD40AD4E7BDD}2014-10-16 15:08 - 2014-08-26 16:42 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-10-15 18:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-15 15:18 - 2014-02-05 13:38 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJon2014-10-15 15:18 - 2014-02-05 13:38 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForJon.job2014-10-15 15:10 - 2014-01-29 17:08 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-10-15 15:09 - 2014-02-13 05:56 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-10-15 14:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-10-15 14:57 - 2009-07-13 23:45 - 00265104 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-15 14:57 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-15 14:55 - 2014-05-06 20:05 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism2014-10-15 14:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism2014-10-14 19:16 - 2014-01-21 21:15 - 00000000 ____D () C:\Windows\system32\MRT2014-10-14 19:13 - 2014-01-21 21:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-14 15:04 - 2014-01-22 18:30 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2014-10-11 19:24 - 2012-04-06 00:01 - 00046487 _____ () C:\Windows\DirectX.log2014-10-11 19:22 - 2014-08-17 15:13 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-07 19:57 - 2014-07-03 17:06 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps2014-09-24 16:28 - 2014-01-22 20:27 - 00000000 ___HD () C:\Windows\msdownld.tmp2014-09-23 16:31 - 2014-01-22 18:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-09-23 16:31 - 2014-01-22 18:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-09-23 16:31 - 2012-04-06 00:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-09-23 11:52 - 2014-09-07 15:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III2014-09-22 15:13 - 2014-09-01 14:41 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro2014-09-22 15:13 - 2012-04-05 23:51 - 00000000 ____D () C:\Windows\Downloaded Installations2014-09-22 15:12 - 2014-09-01 14:41 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager2014-09-18 15:16 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\SoftGrid Client Some content of TEMP:====================C:\Users\Jon\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exeC:\Users\Jon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvugppl.dllC:\Users\Jon\AppData\Local\Temp\raptrpatch.exeC:\Users\Jon\AppData\Local\Temp\sp64126.exeC:\Users\Jon\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 20:37 ==================== End Of Log ============================Addition.txt

Honestly, this problem revolves around a game. I cannot connect to it and I'm told its because I still have scorpion saver located somewhere on my computer.

so in your professional expert opinion, what's my next step?