h90 Posted October 27, 2014 ID:896906 Share Posted October 27, 2014 My computer has had something happen to it earlier today. I was surfing the web one minute, then the next, I start getting this page cannot be displayed message. It only happens on some pages. Google, facebook, ebay, and even this forum, won't come up. I'm currently borrowing a laptop just so I can get help. I restarted my computer, hoping to fix the issue. I got a white screen with a cursor and working task manager. I restarted again and my desktop came up fine, but it said run dll error d7f7a0ef.cpp missing module could not be specified. When the page cannot be displayed error comes up, the search bar will say res://ieframe.dll/dnserror.htm instead of the website I was trying to see. When I try to do a system restor, it goes through the motions and even restarts the computer, but when I sign in, it says system restore not successful, your files were not changed. When I try to go into safe mode, the computer automatically restarts when it gets to the sign in. (EVERY TIME) Thanks in advance! Link to post Share on other sites More sharing options...
Naathim Posted October 27, 2014 ID:896963 Share Posted October 27, 2014 My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat Before we start please note the following:Analysis and research take some time, also sometimes real life gets in the way, please be patient.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Paste the logs in your posts, attachments make my work harder and more complicated.Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.Note that we may live in totally different time zones, what may cause some delays between answers.I can't foresee everything, so if anything unexpected happens, please stop and inform me!There are no silly questions. Never be afraid to ask if in doubt!Let's start and enjoy the fight! Rules and policiesWe won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Malwarebytes' Anti-MalwarePlease download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.First of all select update.Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.Click the Scan tab, choose Threat Scan is checked and click Scan Now.If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.At the bottom click Export and choose Text file.Save the file to your desktop and include its content in your next reply. Scan with Farbar Recovery Scan ToolPlease download Farbar Recovery Scan Tool and save it to your Desktop.There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.When the tool opens click Yes to disclaimer.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
h90 Posted October 27, 2014 Author ID:897099 Share Posted October 27, 2014 Unfortunately, malwarebytes crashes my computer every time I quarantine files, forcing me to do a system restore. As I said, I can't do a system restore or start in safe mode. When I can do that, I will run malwarebytes. I have downloaded and run FRST and here are the logs. Thank you for the help. The additional log is attached (sorry) The post was too big.Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014Ran by carol (administrator) on HEATHERLAND on 27-10-2014 09:45:47Running from K:\Loaded Profile: carol (Available profiles: carol)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(WinZip Computing, S.L.) C:\Program Files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe(Microsoft Corporation) C:\Windows\System32\prevhost.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyHKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer: [NoControlPanel] 0HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silentHKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [DAEMON Tools Lite] => C:\Users\carol\Documents\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [iLivid] => "C:\Program Files (x86)\iLivid\iLivid.exe" -autorunHKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [AdobeBridge] => [X]HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\MountPoints2: F - F:\LaunchU3.exe -aHKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\MountPoints2: {a2af22ce-38ee-11e1-a291-b870f4dec829} - K:\LaunchU3.exe -aHKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\MountPoints2: {dae761db-ca0b-11e2-80fd-a5809c2f8336} - E:\Autorun.exeHKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe [417480 2012-07-03] (Adobe Systems Incorporated)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnkShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE (WinZip Computing, S.L.)Startup: C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnkShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D8840E583F1CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U162SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=99a40741-2b3c-46e6-9030-a301e99db4f7&searchtype=ds&q={searchTerms}&installDate=20/06/2013BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No FileBHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No FileBHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Fast Free Converter 4.1 -> {8232785C-5C98-4A6E-B7B4-911FFBED7582} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No FileBHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileToolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKCU - No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No FileToolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No FileToolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileToolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No FileDPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/stg_drm.ocxDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No FileFF Plugin-x32: @ei.Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5qEI\Installr\1.bin\NP5qEISB.dll No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.binFF Extension: My Web Search - C:\Program Files (x86)\MyWebSearch\bar\1.bin [2013-09-17]FF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ffFF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ffFF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home311.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ffFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15]FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtensionChrome:=======CHR Profile: C:\Users\carol\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (FTdownloader V4.0) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok [2013-06-14]CHR Extension: (SiteAdvisor) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-04-16]CHR Extension: (Plus-HD-1.6) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh [2013-11-06]CHR Extension: (Torntv 2) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje [2013-06-10]CHR Extension: (GoPhoto.it) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-06-10]CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [bffjccobdichdckaoldboabfigpbokfa] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta548\ch\VideoPlayerV3beta548.crx []CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx []CHR HKLM-x32\...\Chrome\Extension: [fpjimchmoknjabnkkchcaimpdfdhfdif] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ch\MediaWatchV1home311.crx []CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [jclikickahdnaiaonplibfidddddiapk] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha71\ch\MediaViewerV1alpha71.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [kemphmeilhpkpfgghpcffekcicoelbca] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha235\ch\WebexpEnhancedV1alpha235.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-10-23]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S4 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)S2 Winmgmt; C:\ProgramData\FE0A7F7D.dot [332800 2014-10-10] () [File not signed]S4 MyWebSearchService; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [X]S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [82768 2014-10-23] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049920 2014-10-23] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]S3 vdrive; system32\DRIVERS\vdrive.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-27 09:28 - 2014-10-27 09:45 - 00000000 ____D () C:\FRST2014-10-27 00:17 - 2014-10-27 00:17 - 00000000 ____D () C:\Users\carol\AppData\Roaming\124162014-10-26 21:35 - 2014-10-26 21:35 - 88052844 _____ () C:\Users\carol\Downloads\Lunar Knights.zip2014-10-26 15:10 - 2014-10-26 15:10 - 00000000 __SHD () C:\Users\carol\AppData\Local\EmieUserList2014-10-26 15:10 - 2014-10-26 15:10 - 00000000 __SHD () C:\Users\carol\AppData\Local\EmieSiteList2014-10-26 14:07 - 2014-10-26 14:07 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-26 14:07 - 2014-10-26 14:07 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-26 14:07 - 2014-10-26 14:07 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-26 14:07 - 2014-10-26 14:07 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-26 14:07 - 2014-10-26 14:07 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2014-10-26 14:07 - 2014-10-26 14:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-10-26 14:07 - 2014-10-26 14:07 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-10-26 14:07 - 2014-10-26 14:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-10-26 14:06 - 2014-10-26 14:06 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-26 14:06 - 2014-10-26 14:06 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-26 14:06 - 2014-10-26 14:06 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-26 14:06 - 2014-10-26 14:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-26 14:06 - 2014-10-26 14:06 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-26 14:06 - 2014-10-26 14:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat2014-10-26 14:06 - 2014-10-26 14:06 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2014-10-26 14:06 - 2014-10-26 14:06 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2014-10-26 14:06 - 2014-10-26 14:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-26 14:04 - 2014-10-26 14:04 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-10-26 13:59 - 2014-10-26 14:11 - 00008672 _____ () C:\Windows\IE11_main.log2014-10-26 13:31 - 2014-05-15 11:24 - 01351168 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll2014-10-26 13:29 - 2014-10-26 13:29 - 00754529 _____ () C:\Users\carol\Downloads\gdiplus.zip2014-10-26 13:29 - 2014-10-26 13:29 - 00000000 ____D () C:\Users\carol\Downloads\gdiplus2014-10-25 19:18 - 2014-10-25 19:18 - 00754608 _____ ( ) C:\Users\carol\Downloads\CR_Downloader_for_harvest-moon---back-to-nature.exe2014-10-25 15:05 - 2014-10-25 15:05 - 00000000 ____D () C:\Users\carol\AppData\Local\{C9CABFB9-F377-4B82-B8B3-2BE450039E14}2014-10-25 09:20 - 2014-10-25 09:20 - 00001373 _____ () C:\Users\carol\Desktop\dpgplay - Shortcut.lnk2014-10-23 22:24 - 2014-10-23 22:24 - 00002050 _____ () C:\Users\carol\Desktop\Xilisoft DPG Converter.lnk2014-10-23 22:24 - 2014-10-23 22:24 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft2014-10-23 22:23 - 2014-10-23 22:23 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Xilisoft2014-10-23 22:23 - 2014-10-23 22:23 - 00000000 ____D () C:\Program Files (x86)\Xilisoft2014-10-23 21:05 - 2014-10-23 21:05 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-10-23 21:05 - 2014-10-23 21:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-10-21 19:19 - 2014-10-21 19:20 - 00000000 ____D () C:\Users\carol\AppData\Local\{0A08C9E9-B91E-4D4D-8F69-2F020B073273}2014-10-19 16:48 - 2014-10-25 09:20 - 00000000 ____D () C:\Users\carol\Desktop\Emulators to play on ds2014-10-17 11:57 - 2014-10-17 11:58 - 00000000 ____D () C:\Users\carol\AppData\Local\{43E9153D-F4BA-4E1E-93C6-556960F4256A}2014-10-15 14:40 - 2014-10-15 14:43 - 00000000 ____D () C:\Users\carol\Documents\Assurance Wireless Documents 10-14-20142014-10-10 16:42 - 2014-10-10 16:42 - 00332800 ____T () C:\ProgramData\FE0A7F7D.dot2014-10-10 10:03 - 2014-10-10 10:03 - 00000000 ____D () C:\Users\carol\Documents\Games2014-10-06 19:01 - 2014-10-06 19:01 - 00000000 ____D () C:\Users\carol\AppData\Local\{1627B9DD-4F5B-498C-ACFC-3FFDF305E96F}2014-09-30 14:15 - 2014-09-30 14:15 - 00000000 ____D () C:\Users\carol\AppData\Local\{94936BEA-C469-4141-8045-3BDC9B737A0B}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-27 09:37 - 2014-06-08 10:53 - 00000000 ____D () C:\Users\carol\AppData\Roaming\uTorrent2014-10-27 09:27 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-27 09:27 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-27 05:15 - 2011-08-13 19:34 - 01855936 _____ () C:\Windows\WindowsUpdate.log2014-10-27 05:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-27 02:01 - 2013-03-04 17:38 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}2014-10-26 23:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-26 18:53 - 2014-06-15 21:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-10-26 18:50 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-26 18:50 - 2009-07-13 23:51 - 00021491 _____ () C:\Windows\setupact.log2014-10-26 14:58 - 2011-12-26 18:30 - 00001424 _____ () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-26 14:54 - 2010-11-20 22:47 - 00991370 _____ () C:\Windows\PFRO.log2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-10-26 13:51 - 2013-03-06 01:28 - 00000000 ____D () C:\ProgramData\Yahoo!2014-10-26 13:51 - 2013-03-06 01:28 - 00000000 ____D () C:\Program Files (x86)\Yahoo!2014-10-26 13:19 - 2009-07-13 23:45 - 05101016 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-26 00:05 - 2014-06-08 13:55 - 00000000 ____D () C:\Users\carol\Documents\utorrent2014-10-24 23:12 - 2013-07-26 22:39 - 00000000 ____D () C:\Users\carol\Documents\Calibre Library2014-10-24 23:11 - 2013-07-26 23:08 - 00000000 ____D () C:\Users\carol\Documents\My Kindle Content2014-10-24 19:26 - 2009-07-14 00:13 - 00794950 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-24 19:24 - 2012-01-07 21:12 - 00773522 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-10-24 19:13 - 2013-05-22 22:09 - 00000000 ____D () C:\ProgramData\Razer2014-10-23 22:41 - 2013-08-10 15:12 - 00002100 _____ () C:\Users\carol\Documents\desmume.ini2014-10-23 22:33 - 2013-03-07 00:53 - 00000000 ____D () C:\Users\carol\AppData\Roaming\vlc2014-10-23 21:05 - 2014-06-15 22:10 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-10-23 21:05 - 2014-06-15 22:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-10-23 21:05 - 2014-06-15 21:29 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-10-21 19:21 - 2011-12-26 18:30 - 00000000 ____D () C:\Users\carol\AppData\Local\Windows Live2014-10-18 09:51 - 2014-07-11 15:49 - 00000000 ____D () C:\Users\carol\Desktop\Temp2014-10-18 09:16 - 2009-07-14 00:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-10-14 20:40 - 2013-07-26 22:39 - 00000000 ____D () C:\Users\carol\Documents\Battery2014-10-02 15:53 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-09-28 22:45 - 2013-12-29 14:12 - 00000000 ____D () C:\Users\carol\Documents\Skyrim ModsSome content of TEMP:====================C:\Users\carol\AppData\Local\Temp\applinstall.exeC:\Users\carol\AppData\Local\Temp\AVG-Safeguard.exeC:\Users\carol\AppData\Local\Temp\bassmod.dllC:\Users\carol\AppData\Local\Temp\bfguni.exeC:\Users\carol\AppData\Local\Temp\CheatEngine62Clean.exeC:\Users\carol\AppData\Local\Temp\EAD473C.exeC:\Users\carol\AppData\Local\Temp\GenericUninstall.exeC:\Users\carol\AppData\Local\Temp\GLF9031.EXEC:\Users\carol\AppData\Local\Temp\GLFA1CA.EXEC:\Users\carol\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exeC:\Users\carol\AppData\Local\Temp\guninst.exeC:\Users\carol\AppData\Local\Temp\helper.exeC:\Users\carol\AppData\Local\Temp\HPInstaller.exeC:\Users\carol\AppData\Local\Temp\hsbing_717_active.exeC:\Users\carol\AppData\Local\Temp\htmlayout.dllC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_arthur-and-the-invisibles---the-game.exeC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_banjo-kazooie---grunty's-revenge.exeC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_disney-frozen-olaf's-quest-(europe).exeC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_legend-of-spyro---a-new-beginning.exeC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_okamiden.exeC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-platinum.exeC:\Users\carol\AppData\Local\Temp\ICReinstall_CR_Downloader_for_tales-of-phantasia.exeC:\Users\carol\AppData\Local\Temp\installerdll.dllC:\Users\carol\AppData\Local\Temp\installhelper.dllC:\Users\carol\AppData\Local\Temp\install_flash_player.exeC:\Users\carol\AppData\Local\Temp\lfhyw_ws.dllC:\Users\carol\AppData\Local\Temp\Microsoft.Win32.TaskScheduler.dllC:\Users\carol\AppData\Local\Temp\nsisdt.dllC:\Users\carol\AppData\Local\Temp\nsz25A1.tmp.tbProd.dllC:\Users\carol\AppData\Local\Temp\oi_{83BD74F8-9556-4A51-91D6-5EE00320637F}.exeC:\Users\carol\AppData\Local\Temp\oi_{90E843EB-404A-417A-9AFB-31D840F31336}.exeC:\Users\carol\AppData\Local\Temp\OkozoDesktopInstaller.exeC:\Users\carol\AppData\Local\Temp\SpotifyUninstall.exeC:\Users\carol\AppData\Local\Temp\sqlite3.exeC:\Users\carol\AppData\Local\Temp\SRAssetsHelper.dllC:\Users\carol\AppData\Local\Temp\SymCCIS.dllC:\Users\carol\AppData\Local\Temp\tbFLV_.dllC:\Users\carol\AppData\Local\Temp\tbGame.dllC:\Users\carol\AppData\Local\Temp\tbPro0.dllC:\Users\carol\AppData\Local\Temp\tbWhit.dllC:\Users\carol\AppData\Local\Temp\tbwise.dllC:\Users\carol\AppData\Local\Temp\Tsu3788C82D.dllC:\Users\carol\AppData\Local\Temp\Tsu381C92C7.dllC:\Users\carol\AppData\Local\Temp\Tsu5FCEA10A.dllC:\Users\carol\AppData\Local\Temp\TsuE446B391.dllC:\Users\carol\AppData\Local\Temp\uninst1.exeC:\Users\carol\AppData\Local\Temp\UNINSTALL.EXEC:\Users\carol\AppData\Local\Temp\uninstall25480454.exeC:\Users\carol\AppData\Local\Temp\UninstallEADM.dllC:\Users\carol\AppData\Local\Temp\uninstaller.exeC:\Users\carol\AppData\Local\Temp\vcredist_x64.exeC:\Users\carol\AppData\Local\Temp\vlc-2.0.6-win32.exeC:\Users\carol\AppData\Local\Temp\vlc-2.0.7-win32.exeC:\Users\carol\AppData\Local\Temp\vlc-2.0.8-win32.exeC:\Users\carol\AppData\Local\Temp\vlc-2.1.1-win32.exeC:\Users\carol\AppData\Local\Temp\vlc-2.1.2-win32.exeC:\Users\carol\AppData\Local\Temp\vlc-2.1.3-win32.exeC:\Users\carol\AppData\Local\Temp\WSSetup.exeC:\Users\carol\AppData\Local\Temp\ytb_8.5.3.16_2.5.9-1_bts_pub_us_setup_.exeC:\Users\carol\AppData\Local\Temp\_is7881.exeC:\Users\carol\AppData\Local\Temp\{96ED9403-6D20-4B16-AB1F-2DE154F03F7A}.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.C:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-10-26 02:17==================== End Of Log ============================Addition.txt Link to post Share on other sites More sharing options...
Naathim Posted October 27, 2014 ID:897257 Share Posted October 27, 2014 missing letimate svchost file... Scan with ComboFixThis is a very powerful tool that should be used only if advised by Malware Analyst.Do not run ComboFix on your own!Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.Right-click on icon and select Run as Administrator to start the tool.Accept the disclaimer and agree if prompted to install Recovery Console.Do not take any actions while ComboFix goes through your System - it may cause it to stall!This scan may take some time!When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).Include that log in your next reply. If you'll encounter any issues with internet connection after running ComboFix, please visit this link. If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine. Don't forget to re-enable your previously switched-off protection software! Link to post Share on other sites More sharing options...
h90 Posted October 27, 2014 Author ID:897335 Share Posted October 27, 2014 I ran the combofix it went fine at first and now I am getting errors: backup of the current registry file C:\windows\system 32\config\system... I clicked yes then new: error restoring C:windows\erdnt\subs\system ect. Shoud i continue pressing yes untill i get the log and then restart or restart now? Link to post Share on other sites More sharing options...
Naathim Posted October 27, 2014 ID:897343 Share Posted October 27, 2014 No, please stop. Use RogueKiller instead. Scan with RogueKillerPlease download RogueKiller and save the file to your desktop.Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.Accept the Terms of use.When the Scan button becomes available, please click it. RogueKiller will start a full scan.Let this process run uninterrupted!.When finished, a Report button will become available. Click it. You will be presented with a logfile.Please include the content of this logfile in your next reply. Link to post Share on other sites More sharing options...
h90 Posted October 27, 2014 Author ID:897344 Share Posted October 27, 2014 Thank you, I will restart now and do that now Link to post Share on other sites More sharing options...
Naathim Posted October 27, 2014 ID:897366 Share Posted October 27, 2014 Fine, please post when ready Link to post Share on other sites More sharing options...
h90 Posted October 27, 2014 Author ID:897376 Share Posted October 27, 2014 When I restarted combofix made a log i will post it below, with the rk report.... also i only have 6 proc. running in my task manager when i went to look at the avast icon by my clock to disable it, it wasnt present, so I went into options to show the icon and it had an error saying it wasnt available thank you for the help.ComboFix 14-10-27.01 - carol 10/27/2014 15:58:54.1.2 - x64Running from: c:\users\carol\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\datac:\data\570hcedryxx_o\us_sres.datac:\program files (x86)\FunWebProductsc:\program files (x86)\MyWebSearchc:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFESTc:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JARc:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPGc:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCRc:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMVc:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DATc:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNGc:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDFc:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLLc:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3Sc:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3Sc:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3Sc:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\icons\CM.ICOc:\program files (x86)\MyWebSearch\bar\icons\MFC.ICOc:\program files (x86)\MyWebSearch\bar\icons\PSS.ICOc:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICOc:\program files (x86)\MyWebSearch\bar\icons\WB.ICOc:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICOc:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3Sc:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Settings\s_pid.datc:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3Sc:\program files (x86)\SafeSaverc:\programdata\FE0A7F7D.dotc:\programdata\Microsoft\Windows\Start Menu\Programs\1964.lnkc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbhc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\background.htmlc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\crossriderManifest.jsonc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\manifest.xmlc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins.jsonc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\1_base.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\101_cortica_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\102_dealply_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\103_intext_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\104_jollywallet_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\105_corticas_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\107_coupish_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\108_icm_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\116_ads_only_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\117_coupons_intext_ads_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\119_similar_web_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\120_luck_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\123_intext_adv_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\125_arcadi2_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\126_revizer_ws_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\127_revizer_p_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\128_superfish_pricora_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\129_widdit_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\13_CrossriderAppUtils.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\135_arcadi3_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\138_getdeal_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\14_CrossriderUtils.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\141_corticas_ru_m.js.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\142_intext_fa_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\155_ibario_pops_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\159_cortica_rollover_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\17_jQuery.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\170_icm1_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\171_arcadi2_sourceID_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\19_CHAppAPIWrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\21_debug.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\22_resources.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\28_initializer.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\4_jquery_1_7_1.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\47_resources_background.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\64_appApiMessage.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\7_hooks.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\72_appApiValidation.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\78_CrossriderInfo.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\80_CHPopupAppAPI.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\87_ginyas_wrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\9_search_engine_hook.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\91_monetizationLoader.js.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\92_superfish_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\93_superfish_no_coupons_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\97_resourceApiWrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\userCode\background.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\userCode\extension.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\actions\1.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\icon128.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\icon16.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\icon48.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\chrome.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\cookie.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\message.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\pageAction.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\pageActionBG.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\background.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\app_api.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\bg_app_api.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\consts.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\cookie_store.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\crossriderAPI.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\delegate.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\events.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\extensionDataStore.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\installer.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\logFile.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\logging.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\onBGDocumentLoad.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\popupResource\newPopup.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\popupResource\popup.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\reports.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\storageWrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\updateManager.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\util.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\xhr.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\main.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\manifest.jsonc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\popup.htmlc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\windows\SysWow64\Cachec:\windows\SysWow64\Cache\075884af680ff6dc.fbc:\windows\SysWow64\Cache\227113dfa1ca894d.fbc:\windows\SysWow64\Cache\49fbbc5a8678d502.fbc:\windows\SysWow64\Cache\544d3763667b7517.fbc:\windows\SysWow64\Cache\5c54eb1a1655b076.fbc:\windows\SysWow64\Cache\613e8ce7ab7106af.fbc:\windows\SysWow64\Cache\633a76311867bd11.fbc:\windows\SysWow64\Cache\691f14230153a9e1.fbc:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fbc:\windows\SysWow64\Cache\7614bd6cfa99e546.fbc:\windows\SysWow64\Cache\77664b6ccc36be9f.fbc:\windows\SysWow64\Cache\881b3593316772f0.fbc:\windows\SysWow64\Cache\93bd12f543e8941c.fbc:\windows\SysWow64\Cache\98657d0579ae1930.fbc:\windows\SysWow64\Cache\9e58cc671d73321c.fbc:\windows\SysWow64\Cache\d2561ac7a10b5439.fbc:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fbc:\windows\SysWow64\Cache\d9ca663388d21ec0.fbc:\windows\SysWow64\Cache\f2cda51fd108941f.fbc:\windows\SysWow64\Cache\f34d8db84131d925.fb..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_MyWebSearchService..((((((((((((((((((((((((( Files Created from 2014-09-27 to 2014-10-27 )))))))))))))))))))))))))))))))..2014-10-27 21:25 . 2014-10-27 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp2014-10-27 14:28 . 2014-10-27 14:49 -------- d-----w- C:\FRST RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : carol [Administrator]Mode : Scan -- Date : 10/27/2014 17:22:12¤¤¤ Processes : 0 ¤¤¤¤¤¤ Registry : 21 ¤¤¤[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater14.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe) -> Found[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater14.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe) -> Found[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater14.2.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe) -> Found[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1649277139-1060227582-4263488454-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=U162 -> Found[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1649277139-1060227582-4263488454-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=U162 -> Found[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1649277139-1060227582-4263488454-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1649277139-1060227582-4263488454-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found¤¤¤ Tasks : 1 ¤¤¤[suspicious.Path] \\4710 -- wscript.exe (C:\Users\carol\AppData\Local\Temp\launchie.vbs //B) -> Found¤¤¤ Files : 0 ¤¤¤¤¤¤ Hosts File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT1 +++++--- User ---[MBR] 2d58974e41812b79660b1d604321824d[bSP] 33228e524207863896629ccc44cfff0a : Windows Vista/7/8 MBR CodePartition table:0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 37750784 | Size: 100 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 MBUser = LL1 ... OKUser = LL2 ... OK+++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++--- User ---[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR CodePartition table:0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MBUser = LL1 ... OKError reading LL2 MBR! ([32] The request is not supported. ) Link to post Share on other sites More sharing options...
Naathim Posted October 28, 2014 ID:897629 Share Posted October 28, 2014 Is this all that was generated by ComboFix? PLease check once more C:\ComboFix.txt logfile. Link to post Share on other sites More sharing options...
h90 Posted October 28, 2014 Author ID:897708 Share Posted October 28, 2014 Sorry here is the log again.ComboFix 14-10-27.01 - carol 10/27/2014 15:58:54.1.2 - x64Running from: c:\users\carol\Desktop\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\datac:\data\570hcedryxx_o\us_sres.datac:\program files (x86)\FunWebProductsc:\program files (x86)\MyWebSearchc:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFESTc:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JARc:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPGc:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCRc:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMVc:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DATc:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNGc:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDFc:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXEc:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLLc:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLLc:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3Sc:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3Sc:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3Sc:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\icons\CM.ICOc:\program files (x86)\MyWebSearch\bar\icons\MFC.ICOc:\program files (x86)\MyWebSearch\bar\icons\PSS.ICOc:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICOc:\program files (x86)\MyWebSearch\bar\icons\WB.ICOc:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICOc:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3Sc:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3Sc:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3Sc:\program files (x86)\MyWebSearch\bar\Settings\s_pid.datc:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3Sc:\program files (x86)\SafeSaverc:\programdata\FE0A7F7D.dotc:\programdata\Microsoft\Windows\Start Menu\Programs\1964.lnkc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbhc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\background.htmlc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\crossriderManifest.jsonc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\manifest.xmlc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins.jsonc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\1_base.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\101_cortica_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\102_dealply_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\103_intext_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\104_jollywallet_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\105_corticas_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\107_coupish_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\108_icm_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\116_ads_only_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\117_coupons_intext_ads_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\119_similar_web_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\120_luck_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\123_intext_adv_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\125_arcadi2_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\126_revizer_ws_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\127_revizer_p_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\128_superfish_pricora_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\129_widdit_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\13_CrossriderAppUtils.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\135_arcadi3_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\138_getdeal_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\14_CrossriderUtils.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\141_corticas_ru_m.js.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\142_intext_fa_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\155_ibario_pops_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\159_cortica_rollover_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\17_jQuery.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\170_icm1_5_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\171_arcadi2_sourceID_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\19_CHAppAPIWrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\21_debug.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\22_resources.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\28_initializer.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\4_jquery_1_7_1.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\47_resources_background.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\64_appApiMessage.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\7_hooks.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\72_appApiValidation.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\78_CrossriderInfo.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\80_CHPopupAppAPI.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\87_ginyas_wrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\9_search_engine_hook.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\91_monetizationLoader.js.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\92_superfish_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\93_superfish_no_coupons_m.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\97_resourceApiWrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\userCode\background.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\userCode\extension.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\actions\1.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\icon128.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\icon16.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\icons\icon48.pngc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\chrome.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\cookie.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\message.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\pageAction.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\pageActionBG.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\background.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\app_api.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\bg_app_api.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\consts.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\cookie_store.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\crossriderAPI.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\delegate.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\events.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\extensionDataStore.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\installer.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\logFile.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\logging.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\onBGDocumentLoad.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\popupResource\newPopup.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\popupResource\popup.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\reports.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\storageWrapper.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\updateManager.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\util.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\xhr.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\main.jsc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\manifest.jsonc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\popup.htmlc:\users\carol\AppData\Local\Google\Chrome\User Data\Default\Preferencesc:\windows\SysWow64\Cachec:\windows\SysWow64\Cache\075884af680ff6dc.fbc:\windows\SysWow64\Cache\227113dfa1ca894d.fbc:\windows\SysWow64\Cache\49fbbc5a8678d502.fbc:\windows\SysWow64\Cache\544d3763667b7517.fbc:\windows\SysWow64\Cache\5c54eb1a1655b076.fbc:\windows\SysWow64\Cache\613e8ce7ab7106af.fbc:\windows\SysWow64\Cache\633a76311867bd11.fbc:\windows\SysWow64\Cache\691f14230153a9e1.fbc:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fbc:\windows\SysWow64\Cache\7614bd6cfa99e546.fbc:\windows\SysWow64\Cache\77664b6ccc36be9f.fbc:\windows\SysWow64\Cache\881b3593316772f0.fbc:\windows\SysWow64\Cache\93bd12f543e8941c.fbc:\windows\SysWow64\Cache\98657d0579ae1930.fbc:\windows\SysWow64\Cache\9e58cc671d73321c.fbc:\windows\SysWow64\Cache\d2561ac7a10b5439.fbc:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fbc:\windows\SysWow64\Cache\d9ca663388d21ec0.fbc:\windows\SysWow64\Cache\f2cda51fd108941f.fbc:\windows\SysWow64\Cache\f34d8db84131d925.fb..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_MyWebSearchService..((((((((((((((((((((((((( Files Created from 2014-09-27 to 2014-10-27 )))))))))))))))))))))))))))))))..2014-10-27 21:25 . 2014-10-27 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp2014-10-27 14:28 . 2014-10-27 14:49 -------- d-----w- C:\FRST2014-10-27 05:17 . 2014-10-27 05:17 -------- d-----w- c:\users\carol\AppData\Roaming\124162014-10-26 20:10 . 2014-10-26 20:10 -------- d-sh--w- c:\users\carol\AppData\Local\EmieUserList2014-10-26 20:10 . 2014-10-26 20:10 -------- d-sh--w- c:\users\carol\AppData\Local\EmieSiteList2014-10-26 19:06 . 2014-10-26 19:06 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2014-10-26 19:04 . 2014-10-26 19:04 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 18:31 . 2014-05-15 16:24 1351168 ----a-w- c:\windows\system32\GdiPlus.dll2014-10-25 10:01 . 2014-10-27 02:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F6BBF80-64D1-41CE-B2B8-3C7B90AA4BA3}\offreg.dll2014-10-25 09:59 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F6BBF80-64D1-41CE-B2B8-3C7B90AA4BA3}\mpengine.dll2014-10-24 03:23 . 2014-10-24 03:23 -------- d-----w- c:\users\carol\AppData\Roaming\Xilisoft2014-10-24 03:23 . 2014-10-24 03:23 -------- d-----w- c:\program files (x86)\Xilisoft2014-10-24 02:05 . 2014-10-24 02:05 364512 ----a-w- c:\windows\system32\aswBoot.exe2014-10-24 02:05 . 2014-10-24 02:05 43152 ----a-w- c:\windows\avastSS.scr...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-10-24 02:05 . 2014-06-16 03:10 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys2014-10-24 02:05 . 2014-06-16 03:10 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys2014-10-24 02:05 . 2014-06-16 02:29 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2014-10-24 02:05 . 2014-06-16 02:29 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys2014-10-24 02:05 . 2014-06-16 02:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2014-10-24 02:05 . 2014-06-16 02:29 82768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2014-10-24 02:05 . 2014-06-16 02:29 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys2014-10-24 02:05 . 2014-06-16 02:29 1049920 ----a-w- c:\windows\system32\drivers\aswsnx.sys2014-10-02 20:53 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe2014-09-08 21:29 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2014-08-15 16:28 . 2010-11-21 03:24 512000 ----a-w- c:\windows\system32\rpcss.dll2014-08-07 02:06 . 2014-08-12 17:46 529920 ----a-w- c:\windows\system32\aepdu.dll2014-08-07 02:01 . 2014-08-12 17:46 424448 ----a-w- c:\windows\system32\aeinv.dll2014-08-01 04:41 . 2013-03-17 01:36 99218768 ----a-w- c:\windows\system32\MRT.exe2012-07-12 08:19 . 2012-07-12 08:19 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\erdnt\cache64\svchost.exe[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe.c:\windows\SysWow64\svchost.exe ... is missing !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]"DAEMON Tools Lite"="c:\users\carol\Documents\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-31 1092688]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]"tvncontrol"="c:\program files (x86)\ShowMyPCService\tvnserver.exe" [2010-07-08 815704]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-24 5223016]"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-07-04 831192].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216].c:\users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28K19NY305QT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk - c:\program files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE [2013-5-9 685936].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetgps64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 vdrive;vdrive;c:\windows\system32\DRIVERS\vdrive.sys;c:\windows\SYSNATIVE\DRIVERS\vdrive.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]R4 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]R4 tvnserver;TightVNC Server;c:\program files (x86)\ShowMyPCService\tvnserver.exe;c:\program files (x86)\ShowMyPCService\tvnserver.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 aswRvrt;avast! Revert; [x]S0 aswVmm;avast! VM Monitor; [x]S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2014-10-24 02:05 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-18 11779176]"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 167744]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 392512]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 417088]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.bing.com/?pc=U162mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;<local>uSearchAssistant = hxxp://www.google.comTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.BHO-{8232785C-5C98-4A6E-B7B4-911FFBED7582} - c:\progra~2\FASTFR~1\FASTFR~1\FASTFR~1.DLLToolbar-Locked - (no file)Toolbar-10 - (no file)Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exeWow6432Node-HKCU-Run-iLivid - c:\program files (x86)\iLivid\iLivid.exeWow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exeWow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exeWow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exeSafeBoot-48794605.sysHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startWebBrowser-{22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - (no file)WebBrowser-{16BB67E0-6319-4077-BE84-F41269E051F3} - (no file)HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exeAddRemove-Better Surf Plus - c:\program files (x86)\BetterSurf\BetterSurfPlus\uninstall.exeAddRemove-Feeding Frenzy 2 - c:\program files (x86)\Feeding Frenzy 2\uninstall.exeAddRemove-JoJo's Fashion Show 2 - Las Cruces - c:\program files (x86)\JoJo's Fashion Show 2 - Las Cruces\uninstall.exeAddRemove-Jojos Fashion Show_is1 - c:\program files (x86)\Jojos Fashion Show\ReflexiveArcade\unins000.exeAddRemove-PCHealthBoost - c:\program files (x86)\PC HealthBoost\hbuninst.exeAddRemove-pcsx2-r5350 - c:\users\carol\Documents\PCSX2 1.0.0\Uninst-pcsx2-r5350.exeAddRemove-SP_f5d3e0aa - c:\program files (x86)\SafeSaver\uninstall.exeAddRemove-Super Word Games 10,000 - c:\program files (x86)\Super Word Games 10AddRemove-Video Player - c:\program files (x86)\VideoPlayerV3\VideoPlayerV3beta548\uninstall.exeAddRemove-Viva Pinata_is1 - c:\program files (x86)\Viva Pinata\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1649277139-1060227582-4263488454-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]@Allowed: (Read) (RestrictedCode)"??"=hex:12,4d,cb,76,96,b0,7f,c4,dd,90,9b,2a,00,8c,f4,27,6c,64,4a,ce,c2,96,d6, 93,ae,df,7b,88,2e,bf,c4,5c,7f,77,cc,e3,ef,74,77,6a,27,e9,f3,82,86,bc,50,7c,\"??"=hex:9f,8d,16,f5,98,db,ba,9a,35,a0,d6,3e,99,c2,c9,98.[HKEY_USERS\S-1-5-21-1649277139-1060227582-4263488454-1000\Software\SecuROM\License information*]"datasecu"=hex:56,4d,fa,1b,f0,ae,c7,a2,08,58,59,a5,ce,47,38,d2,83,85,b1,2b,d8, c1,49,30,ec,c1,ee,9a,c3,36,f6,09,b2,32,a7,ad,ef,5d,1f,20,d4,28,18,57,d7,e1,\"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44.[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files (x86)\BlueStacks\HD-Service.exec:\program files (x86)\BlueStacks\HD-Network.exec:\program files (x86)\BlueStacks\HD-BlockDevice.exec:\program files (x86)\BlueStacks\HD-SharedFolder.exe.**************************************************************************.Completion time: 2014-10-27 17:08:52 - machine was rebootedComboFix-quarantined-files.txt 2014-10-27 22:08.Pre-Run: 94,476,824,576 bytes freePost-Run: 110,780,010,496 bytes free.- - End Of File - - D8797AB144ABC6CC8062D46DE8B2FE27 Link to post Share on other sites More sharing options...
Naathim Posted October 29, 2014 ID:898234 Share Posted October 29, 2014 Hi Scan with Farbar Recovery Scan ToolPlease re-run Farbar Recovery Scan Tool.Right-click on icon and select Run as Administrator to start the tool.> XP users click run after receipt of Windows Security Warning - Open File.> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
h90 Posted October 29, 2014 Author ID:898291 Share Posted October 29, 2014 Alright. Here are the logs. Thanks again for your help. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014Ran by carol (administrator) on HEATHERLAND on 29-10-2014 07:19:22Running from C:\Users\carol\Desktop\FRST-OlderVersionLoaded Profile: carol (Available profiles: carol)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe(WinZip Computing, S.L.) C:\Program Files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [DAEMON Tools Lite] => C:\Users\carol\Documents\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe [417480 2012-07-03] (Adobe Systems Incorporated)HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnkShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE (WinZip Computing, S.L.)Startup: C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnkShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D8840E583F1CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U162StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=US&userid=99a40741-2b3c-46e6-9030-a301e99db4f7&searchtype=ds&q={searchTerms}&installDate=20/06/2013BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No FileBHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No FileBHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Fast Free Converter 4.1 -> {8232785C-5C98-4A6E-B7B4-911FFBED7582} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No FileBHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileToolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKCU - No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No FileToolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No FileToolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/stg_drm.ocxDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No FileFF Plugin-x32: @ei.Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5qEI\Installr\1.bin\NP5qEISB.dll No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.binFF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ffFF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ffFF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home311.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ffFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15]FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtensionFF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha235\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta548\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha402\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha71\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ff [Not Found]Chrome:=======CHR Profile: C:\Users\carol\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (FTdownloader V4.0) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok [2013-06-14]CHR Extension: (SiteAdvisor) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-04-16]CHR Extension: (Torntv 2) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje [2013-06-10]CHR Extension: (GoPhoto.it) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-06-10]CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [bffjccobdichdckaoldboabfigpbokfa] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta548\ch\VideoPlayerV3beta548.crx []CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx []CHR HKLM-x32\...\Chrome\Extension: [fpjimchmoknjabnkkchcaimpdfdhfdif] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ch\MediaWatchV1home311.crx []CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [jclikickahdnaiaonplibfidddddiapk] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha71\ch\MediaViewerV1alpha71.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [kemphmeilhpkpfgghpcffekcicoelbca] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha235\ch\WebexpEnhancedV1alpha235.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-10-23]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S4 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [82768 2014-10-23] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049920 2014-10-23] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]S3 vdrive; system32\DRIVERS\vdrive.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-29 07:16 - 2014-10-29 07:19 - 00000000 ____D () C:\Users\carol\Desktop\FRST-OlderVersion2014-10-29 07:16 - 2014-10-29 07:16 - 02113536 _____ (Farbar) C:\Users\carol\Desktop\FRST64.exe2014-10-27 17:16 - 2014-10-27 17:17 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-10-27 17:15 - 2014-10-27 17:15 - 00000000 ____D () C:\ProgramData\RogueKiller2014-10-27 17:11 - 2014-10-27 17:07 - 19114072 _____ () C:\Users\carol\Desktop\RogueKillerX64.exe2014-10-27 17:08 - 2014-10-27 17:08 - 00041228 _____ () C:\ComboFix.txt2014-10-27 15:55 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2014-10-27 15:55 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2014-10-27 15:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe2014-10-27 15:54 - 2014-10-27 17:09 - 00000000 ____D () C:\Qoobox2014-10-27 15:53 - 2014-10-27 17:06 - 00000000 ____D () C:\Windows\erdnt2014-10-27 15:51 - 2014-10-27 15:56 - 05591695 ____R (Swearware) C:\Users\carol\Desktop\ComboFix.exe2014-10-27 09:28 - 2014-10-29 07:19 - 00000000 ____D () C:\FRST2014-10-27 00:17 - 2014-10-27 00:17 - 00000000 ____D () C:\Users\carol\AppData\Roaming\124162014-10-26 21:35 - 2014-10-26 21:35 - 88052844 _____ () C:\Users\carol\Downloads\Lunar Knights.zip2014-10-26 15:10 - 2014-10-26 15:10 - 00000000 __SHD () C:\Users\carol\AppData\Local\EmieUserList2014-10-26 15:10 - 2014-10-26 15:10 - 00000000 __SHD () C:\Users\carol\AppData\Local\EmieSiteList2014-10-26 14:07 - 2014-10-26 14:07 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-26 14:07 - 2014-10-26 14:07 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-26 14:07 - 2014-10-26 14:07 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-26 14:07 - 2014-10-26 14:07 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-26 14:07 - 2014-10-26 14:07 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2014-10-26 14:07 - 2014-10-26 14:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-10-26 14:07 - 2014-10-26 14:07 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-10-26 14:07 - 2014-10-26 14:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-10-26 14:06 - 2014-10-26 14:06 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-26 14:06 - 2014-10-26 14:06 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-26 14:06 - 2014-10-26 14:06 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-26 14:06 - 2014-10-26 14:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-26 14:06 - 2014-10-26 14:06 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-26 14:06 - 2014-10-26 14:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat2014-10-26 14:06 - 2014-10-26 14:06 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2014-10-26 14:06 - 2014-10-26 14:06 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2014-10-26 14:06 - 2014-10-26 14:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-26 14:04 - 2014-10-26 14:04 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-10-26 13:59 - 2014-10-26 14:11 - 00008672 _____ () C:\Windows\IE11_main.log2014-10-26 13:31 - 2014-05-15 11:24 - 01351168 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll2014-10-26 13:29 - 2014-10-26 13:29 - 00754529 _____ () C:\Users\carol\Downloads\gdiplus.zip2014-10-26 13:29 - 2014-10-26 13:29 - 00000000 ____D () C:\Users\carol\Downloads\gdiplus2014-10-25 19:18 - 2014-10-25 19:18 - 00754608 _____ ( ) C:\Users\carol\Downloads\CR_Downloader_for_harvest-moon---back-to-nature.exe2014-10-25 15:05 - 2014-10-25 15:05 - 00000000 ____D () C:\Users\carol\AppData\Local\{C9CABFB9-F377-4B82-B8B3-2BE450039E14}2014-10-25 09:20 - 2014-10-25 09:20 - 00001373 _____ () C:\Users\carol\Desktop\dpgplay - Shortcut.lnk2014-10-23 22:24 - 2014-10-23 22:24 - 00002050 _____ () C:\Users\carol\Desktop\Xilisoft DPG Converter.lnk2014-10-23 22:24 - 2014-10-23 22:24 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft2014-10-23 22:23 - 2014-10-23 22:23 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Xilisoft2014-10-23 22:23 - 2014-10-23 22:23 - 00000000 ____D () C:\Program Files (x86)\Xilisoft2014-10-23 21:05 - 2014-10-23 21:05 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-10-23 21:05 - 2014-10-23 21:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-10-21 19:19 - 2014-10-21 19:20 - 00000000 ____D () C:\Users\carol\AppData\Local\{0A08C9E9-B91E-4D4D-8F69-2F020B073273}2014-10-19 16:48 - 2014-10-25 09:20 - 00000000 ____D () C:\Users\carol\Desktop\Emulators to play on ds2014-10-17 11:57 - 2014-10-17 11:58 - 00000000 ____D () C:\Users\carol\AppData\Local\{43E9153D-F4BA-4E1E-93C6-556960F4256A}2014-10-15 14:40 - 2014-10-15 14:43 - 00000000 ____D () C:\Users\carol\Documents\Assurance Wireless Documents 10-14-20142014-10-10 10:03 - 2014-10-10 10:03 - 00000000 ____D () C:\Users\carol\Documents\Games2014-10-06 19:01 - 2014-10-06 19:01 - 00000000 ____D () C:\Users\carol\AppData\Local\{1627B9DD-4F5B-498C-ACFC-3FFDF305E96F}2014-09-30 14:15 - 2014-09-30 14:15 - 00000000 ____D () C:\Users\carol\AppData\Local\{94936BEA-C469-4141-8045-3BDC9B737A0B}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-29 02:10 - 2011-08-13 19:34 - 01892564 _____ () C:\Windows\WindowsUpdate.log2014-10-28 22:28 - 2013-03-04 17:38 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}2014-10-28 20:39 - 2013-11-06 19:32 - 00020304 _____ () C:\Users\carol\Documents\zsnesw.cfg2014-10-28 20:39 - 2013-11-06 19:32 - 00003806 _____ () C:\Users\carol\Documents\zinput.cfg2014-10-28 20:39 - 2013-11-06 19:32 - 00002480 _____ () C:\Users\carol\Documents\zmovie.cfg2014-10-28 18:34 - 2009-07-14 00:13 - 00780908 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-28 18:18 - 2013-12-29 14:12 - 00000000 ____D () C:\Users\carol\Documents\Skyrim Mods2014-10-28 13:55 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-28 13:55 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-28 13:50 - 2009-07-13 23:51 - 00021903 _____ () C:\Windows\setupact.log2014-10-28 13:35 - 2010-11-20 22:47 - 00992768 _____ () C:\Windows\PFRO.log2014-10-28 13:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-27 18:49 - 2013-05-23 06:49 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute2014-10-27 17:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2014-10-27 17:00 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2014-10-27 13:23 - 2013-03-07 00:53 - 00000000 ____D () C:\Users\carol\AppData\Roaming\vlc2014-10-27 09:37 - 2014-06-08 10:53 - 00000000 ____D () C:\Users\carol\AppData\Roaming\uTorrent2014-10-27 05:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-26 23:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-26 18:53 - 2014-06-15 21:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-10-26 14:58 - 2011-12-26 18:30 - 00001424 _____ () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-10-26 13:51 - 2013-03-06 01:28 - 00000000 ____D () C:\ProgramData\Yahoo!2014-10-26 13:51 - 2013-03-06 01:28 - 00000000 ____D () C:\Program Files (x86)\Yahoo!2014-10-26 13:19 - 2009-07-13 23:45 - 05101016 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-26 00:05 - 2014-06-08 13:55 - 00000000 ____D () C:\Users\carol\Documents\utorrent2014-10-24 23:12 - 2013-07-26 22:39 - 00000000 ____D () C:\Users\carol\Documents\Calibre Library2014-10-24 23:11 - 2013-07-26 23:08 - 00000000 ____D () C:\Users\carol\Documents\My Kindle Content2014-10-24 19:24 - 2012-01-07 21:12 - 00773522 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-10-24 19:13 - 2013-05-22 22:09 - 00000000 ____D () C:\ProgramData\Razer2014-10-23 22:41 - 2013-08-10 15:12 - 00002100 _____ () C:\Users\carol\Documents\desmume.ini2014-10-23 21:05 - 2014-06-15 22:10 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-10-23 21:05 - 2014-06-15 22:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-10-23 21:05 - 2014-06-15 21:29 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-10-21 19:21 - 2011-12-26 18:30 - 00000000 ____D () C:\Users\carol\AppData\Local\Windows Live2014-10-18 09:51 - 2014-07-11 15:49 - 00000000 ____D () C:\Users\carol\Desktop\Temp2014-10-18 09:16 - 2009-07-14 00:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-10-14 20:40 - 2013-07-26 22:39 - 00000000 ____D () C:\Users\carol\Documents\Battery2014-10-02 15:53 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exeSome content of TEMP:====================C:\Users\carol\AppData\Local\Temp\dllnt_dump.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.C:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-10-26 02:17==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014Ran by carol at 2014-10-29 07:19:55Running from C:\Users\carol\Desktop\FRST-OlderVersionBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)1001 Japanese Crosswords (HKLM-x32\...\1001 Japanese Crosswords) (Version: 1.00.07.06.01 - Selectsoft Publishing)1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)1001 Tangram Puzzles (HKLM-x32\...\1001 Tangram Puzzles) (Version: 1.00.07.02.14 - Selectsoft Publishing)2002 Games (HKLM-x32\...\2002 Games) (Version: 1.00.07.02.13 - Selectsoft Publishing)2002 Kakuro Puzzles (HKLM-x32\...\2002 Kakuro Puzzles) (Version: 1.00.07.06.01 - Selectsoft Publishing)2002 Pentamino Puzzles (HKLM-x32\...\2002 Pentamino Puzzles) (Version: 1.00.07.02.14 - Selectsoft Publishing)2002 Space Out Games (HKLM-x32\...\2002 Space Out Games) (Version: 1.00.07.06.01 - Selectsoft Publishing)3003 Crystal Mazes (HKLM-x32\...\3003 Crystal Mazes) (Version: 1.00.07.06.11 - Selectsoft Publishing)500 Solitaire Games (HKLM-x32\...\500 Solitaire Games) (Version: 2.00.07.02.14 - Selectsoft Publishing)64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) HiddenAcer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) HiddenAcer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0301.2011 - Acer Incorporated)Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) HiddenAimersoft Audio Converter(Build 2.2.0.37) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)Aimersoft DVD Copy(Build 2.0.0.16) (HKLM-x32\...\Aimersoft DVD Copy_is1) (Version: - Aimersoft Software)Aimersoft DVD Creator(Build 2.1.1.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)Aimersoft DVD Ripper(Build 2.2.0.27) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)Aimersoft DVD Studio Pack(Build 2.2.0.19) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)Aimersoft Video Converter(Build 2.2.0.19) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)Ancient Rome 1.0 (HKLM-x32\...\Ancient Rome_is1) (Version: - GamesPub Ltd.)Angry Birds Rio (HKLM-x32\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)Angry Birds Seasons (HKLM-x32\...\{9240D97C-D575-465E-A681-21C0979EE5DF}) (Version: 2.2.0 - Rovio)Angry Birds Seasons (HKLM-x32\...\{F84FF19C-E18B-43C4-9366-D3056CEF74A0}) (Version: 1.0.0 - Rovio)Angry Birds Space (HKLM-x32\...\Angry Birds Space1.0) (Version: 1.0 - Foxy Games)Angry Birds Star Wars II (HKLM-x32\...\{C4887610-6DE9-4538-A6CD-2B44673FE133}) (Version: 1.0.1 - Rovio Entertainment Ltd.)AngryBirdsStarWars 1.00 (HKLM-x32\...\AngryBirdsStarWars 1.00) (Version: 1.00 - Cat-A-Cat)Atlantis (remove only) (HKLM-x32\...\BFG-Atlantis) (Version: - )Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) HiddenBee Empire 1.0 (HKLM-x32\...\Bee Empire_is1) (Version: - GamesPub Ltd.)Bee Garden 1.0 (HKLM-x32\...\Bee Garden_is1) (Version: - GamesPub Ltd.)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version: - PopCap Games)Best Games Hits 3 (HKLM-x32\...\Best Game Hits 3) (Version: 1.00.09.07.10 - Selectsoft Publishing)Better Surf Plus (HKLM-x32\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTIONBig Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )Big Kahuna Reef 2 - Chain Reaction (HKLM-x32\...\BFG-Big Kahuna Reef 2 - Chain Reaction) (Version: - )Big Kahuna Reef 2 (HKLM-x32\...\Big Kahuna Reef 2) (Version: - Spintop Media, Inc)Big Kahuna Reef 3 (HKLM-x32\...\BFG-Big Kahuna Reef 3) (Version: - )Bloomo 1.0 (HKLM-x32\...\Bloomo_is1) (Version: - GamesPub Ltd.)BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Breathtaking Water Scenes (HKLM-x32\...\{D85D3012-4C63-4CD3-9614-682F4B3A467B}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTIONBug Bits 1.0 (HKLM-x32\...\Bug Bits_is1) (Version: - GamesPub Ltd.)Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hiddencalibre (HKLM-x32\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)Call of Atlantis (HKLM-x32\...\BFG-Call of Atlantis) (Version: - )Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCrystal Caverns of Amon-Ra (HKLM-x32\...\Crystal Caverns of Amon-Ra) (Version: 1.00.09.03.08 - Selectsoft Publishing)Cure the Zombies 1.0 (HKLM-x32\...\Cure the Zombies_is1) (Version: - GamesPub Ltd.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) HiddenDJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenDrug Lord 2 (HKLM-x32\...\Drug Lord 2) (Version: - )DVDFab 9.1.1.5 (07/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)Dynasty of Egypt (HKLM-x32\...\Dynasty of Egypt) (Version: 1.00.08.09.03 - Selectsoft Publishing)ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) HiddenFable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) HiddenFairy Forest (HKLM-x32\...\{D1D0FAEA-D317-439A-9798-3D406E850BDE}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTIONFashion Craze (HKLM-x32\...\Fashion Craze_is1) (Version: - GamesPub Ltd.)Fashion Season (HKLM-x32\...\Fashion Season_is1) (Version: - GamesPub Ltd.)FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenFeeding Frenzy 2 (HKLM-x32\...\Feeding Frenzy 2) (Version: - Spintop Media, Inc)Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) HiddenFluffy Rescue Levels Pack (HKLM-x32\...\Fluffy Rescue Levels Pack_is1) (Version: - GamesPub Ltd.)Funny Miners 1.0 (HKLM-x32\...\Funny Miners_is1) (Version: - GamesPub Ltd.)Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGame Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 4.1.0.8 - WildTangent, Inc.)Gardenscapes - Mansion Makeover (HKLM-x32\...\Gardenscapes - Mansion Makeover) (Version: - Spintop Media, Inc)Gardenscapes - Mansion Makeover Collectors Edition (HKLM-x32\...\Gardenscapes - Mansion Makeover Collectors Edition1.0) (Version: 1.0 - Foxy Games)Gardenscapes 2 CE (HKLM-x32\...\Gardenscapes 2 CE1.0) (Version: 1.0 - Foxy Games)GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)Hard Truck Apocalypse (HKLM-x32\...\Hard Truck Apocalypse_is1) (Version: 1.0 - )Hexagon Mahjongg (HKLM-x32\...\Hexagon Mahjongg) (Version: 1.00.08.10.13 - Selectsoft Publishing)HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTIONIsland Realms (HKLM-x32\...\Island Realms_is1) (Version: - GamesPub Ltd.)Jewel Quest Heritage (HKLM-x32\...\BFG-Jewel Quest Heritage) (Version: - )Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) HiddenJewels of the Nile (HKLM-x32\...\Jewels of the Nile) (Version: 1.00.08.08.27 - Selectsoft Publishing)Jo Dream - Organic Coffee (HKLM-x32\...\Jo Dream - Organic Coffee_is1) (Version: - GamesPub Ltd.)Jojos Fashion Show (HKLM-x32\...\Jojos Fashion Show_is1) (Version: - )JoJo's Fashion Show 2 - Las Cruces (HKLM-x32\...\JoJo's Fashion Show 2 - Las Cruces) (Version: - Spintop Media, Inc)Jojo's Fashion Show 2 - Las Cruces (HKLM-x32\...\Jojo's Fashion Show 2 - Las Cruces_is1) (Version: 1.0 - MyPlayCity, Inc.)Jojo's Fashion Show 2 Deluxe (HKLM-x32\...\{05331DF6-839A-4C9A-A013-54946E3772B7}_is1) (Version: - RaBBiT)Jojo's Fashion Show 2 Deluxe (HKLM-x32\...\{6AD79F87-DB61-4B04-9BE2-92149A98865E}_is1) (Version: - RaBBiT)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLaunch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.)Living Waterfalls 2 (HKLM-x32\...\{30DCE977-E0F0-41ED-BDEC-CDDB04064D0E}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTIONLost in Reefs (HKLM-x32\...\BFG-Lost in Reefs) (Version: - )Magic Farm (HKLM-x32\...\Magic Farm_is1) (Version: - GamesPub Ltd.)Magic Life (HKLM-x32\...\Magic Life_is1) (Version: - GamesPub Ltd.)Magic Sweets (HKLM-x32\...\Magic Sweets_is1) (Version: - GamesPub Ltd.)Magical Mysteries (HKLM-x32\...\Magical Mysteries_is1) (Version: - GamesPub Ltd.)Megapolis (HKLM-x32\...\Megapolis_is1) (Version: - GamesPub Ltd.)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)Milton Bradley Classic Board Games (HKLM-x32\...\ClassicBoard) (Version: - )Mini Golf 1.0 (HKLM-x32\...\Mini Golf_is1) (Version: - GamesPub Ltd.)Monkey Jump 1.0 (HKLM-x32\...\Monkey Jump_is1) (Version: - GamesPub Ltd.)Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version: - )Mr.Bree Returning Home 1.0 (HKLM-x32\...\Mr.Bree Returning Home_is1) (Version: - GamesPub Ltd.)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Web Search (Webfetti) (HKLM-x32\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTIONMystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) HiddenMyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) HiddenMyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) HiddenNamco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) HiddenNight Before Christmas (HKLM-x32\...\{C3D88AC2-D938-47F2-B76D-BC7308FC2A12}) (Version: 1.0.2 - InstallX, LLC) <==== ATTENTIONNOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)Operation Neptune! (HKLM-x32\...\Onwin32.exe) (Version: - )Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)Ostrich Runner 1.0 (HKLM-x32\...\Ostrich Runner_is1) (Version: - GamesPub Ltd.)PCHealthBoost 2.3.0 (HKLM-x32\...\PCHealthBoost) (Version: 2.3.0 - Boost Software Inc.)PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) HiddenPenguins Arena 1.5 (HKLM-x32\...\Penguins Arena_is1) (Version: - Frogames)Penguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPiranha Panic Demo (HKLM-x32\...\Piranha Panic Demo) (Version: - )Plant This (HKLM-x32\...\{18987371-41DE-4AC9-A05D-83A3767FADC8}_is1) (Version: - RaBBiT)Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPlants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenProject 64 version 2.0.0.14 (HKLM-x32\...\Project 64_is1) (Version: 2.0.0.14 - )Puzzle and Board XP Championship (HKLM-x32\...\Puzzle and Board XP Championship) (Version: 1.00.07.06.01 - Selectsoft Publishing)Puzzle XP Championship 3000 (HKLM-x32\...\Puzzle XP Championship 3000) (Version: 3.00.06.03.24 - Selectsoft Publishing)Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 3.6 - Razer USA Ltd)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)Richie The Gnome Underground Treasures 1.0 (HKLM-x32\...\Richie The Gnome Underground Treasures_is1) (Version: - GamesPub Ltd.)Ride'Em Low (HKLM-x32\...\{109D28DA-E555-4896-BF22-E312F764562C}_is1) (Version: - Play sp. z o. o.)Rocko Blocko 1.0 (HKLM-x32\...\Rocko Blocko_is1) (Version: - GamesPub Ltd.)SafeSaver 1.74 (HKLM-x32\...\SP_f5d3e0aa) (Version: - ) <==== ATTENTIONScan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)Shredder (Version: 2.0.8.7 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) HiddenSky Taxi (HKLM-x32\...\Sky Taxi_is1) (Version: - GamesPub Ltd.)Sky Taxi 2 (HKLM-x32\...\Sky Taxi 2_is1) (Version: - GamesPub Ltd.)Sky Taxi 3 (HKLM-x32\...\Sky Taxi 3_is1) (Version: - GamesPub Ltd.)Sky Track (HKLM-x32\...\Sky Track_is1) (Version: - GamesPub Ltd.)Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)Super Word Games 10,000 (HKLM-x32\...\Super Word Games 10,000) (Version: 1.00.09.07.09 - Selectsoft Publishing)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSystem Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)Taipei Mahjongg 25K (HKLM-x32\...\Taipei Mahjongg 25K) (Version: 1.00.08.03.04 - Selectsoft Publishing)The Cursed Land (HKLM-x32\...\The Cursed Land_is1) (Version: - GamesPub Ltd.)The Forest 1.0 (HKLM-x32\...\The Forest 1.0) (Version: 1.0 - Cat-A-Cat)The Warehouse 1.0 (HKLM-x32\...\The Warehouse_is1) (Version: - GamesPub Ltd.)Tikibar 1.0 (HKLM-x32\...\Tikibar_is1) (Version: - GamesPub Ltd.)Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)Times Reader (x32 Version: 2.055 - The New York Times Company) HiddenToolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTorchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 1.13 - Encore, Inc., A Navarre Corporation Company.)Torchlight (x32 Version: 2.2.0.95 - WildTangent) HiddenTSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )Turtix (HKLM-x32\...\Turtix1.0) (Version: 1.0 - Foxy Games)Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Unofficial Oblivion Patch v3.4.2 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.4.2 - Quarn, Kivan, and Arthmoor)Unofficial Official Mods Patch v17.1 (HKLM-x32\...\Unofficial Official Mods Patch_is1) (Version: v17.1 - Quarn, Kivan, and Arthmoor)Unofficial Shivering Isles Patch v1.5.1 (HKLM-x32\...\Unofficial Shivering Isles Patch_is1) (Version: 1.5.1 - Quarn, Kivan, and Arthmoor)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVacation Quest - Australia (HKLM-x32\...\Vacation Quest - Australia) (Version: - Spintop Media, Inc)VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) HiddenVideo Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTIONVirtual Vegas Slots Bonus (HKLM-x32\...\Virtual Vegas Slots Bonus) (Version: 1.00.07.10.10 - Selectsoft Publishing)Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) HiddenViva Pinata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios:)Viva Pinata (HKLM-x32\...\Viva Pinata_is1) (Version: - )VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Waterfalls 3 Portals 1.0 (HKLM-x32\...\Waterfalls 3 Portals_is1) (Version: - GamesPub Ltd.)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)WildTangent Games App (x32 Version: 4.0.11.7 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)WinZip Pro 17.5 Build 10480 (64bit) (HKLM\...\WinZip Pro 17.5 Build 10480 (64bit)17.5 Build 10480) (Version: 17.5 Build 10480 - Friends in War)Xilisoft DPG Converter (HKCU\...\Xilisoft DPG Converter) (Version: 7.4.0.20120712 - Xilisoft)Zuma Deluxe (HKLM-x32\...\BFG-Zuma Deluxe) (Version: - )Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points =========================29-10-2014 07:08:50 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2014-10-27 17:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {1B89F03F-ECA8-4E95-9254-9E0515519E7C} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-05-07] ()Task: {37C5F2AA-6798-4836-9455-52DCD9467079} - System32\Tasks\PCHB_carol_PCHealthBoost_RM => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {43E1F4CD-4A95-4002-BF69-4DB7E3C75C34} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)Task: {609CFE5B-3DD8-473B-ABAF-4E174FD29C97} - System32\Tasks\AdobeAAMUpdater-1.0-HEATHERLAND-carol => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)Task: {6CA56A4A-1C95-4416-AD65-5417D66B2B24} - System32\Tasks\0 => Iexplore.exe <==== ATTENTIONTask: {880162F7-D9A7-41D2-BD7E-DBF40C9DDE19} - System32\Tasks\4710 => Wscript.exe C:\Users\carol\AppData\Local\Temp\launchie.vbs //B <==== ATTENTIONTask: {A38F420D-C68F-4861-8BE9-C390E2C55567} - System32\Tasks\{12ECEACC-0D89-43D6-A5BD-802A5389BBF8} => Iexplore.exe http://ui.skype.com/ui/0/5.0.0.152.367/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabledTask: {D16A8298-15E5-4E80-9484-5C8E8B2CB4B7} - System32\Tasks\PCHB_carol_PCHealthBoost_RN => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {D80DF6DB-23CF-4B22-BFD4-16B25D093A8D} - System32\Tasks\PCHB_carol_PCHealthBoost_LG => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {E21AB595-1B50-4AAE-A796-B00429EC2646} - System32\Tasks\PCHB_carol_PCHealthBoost_UP => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {E5B0A4CC-44EB-41C0-AF5A-592E44837F6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)Task: {F1E19BB9-ADED-4BC6-9120-1FF884F4723C} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTIONTask: {FD103F5B-EA18-4E64-9253-EF1D50EC7A07} - System32\Tasks\PCHB_carol_PCHealthBoost_RS => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe==================== Loaded Modules (whitelisted) =============2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-05-22 22:09 - 2012-08-01 15:44 - 00139024 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll2009-01-21 18:45 - 2009-01-21 18:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll2012-08-09 15:21 - 2012-08-09 15:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-10-27 17:00 - 2014-10-27 17:00 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102702\algo.dll2014-10-28 13:37 - 2014-10-28 13:37 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102800\algo.dll2014-10-28 17:41 - 2014-10-28 17:41 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102801\algo.dll2011-02-15 13:37 - 2011-02-15 13:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll2011-02-15 13:36 - 2011-02-15 13:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll2011-02-15 13:37 - 2011-02-15 13:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll2014-10-23 21:05 - 2014-10-23 21:05 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2013-02-07 14:33 - 2013-02-07 14:33 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\99bd60d446f190d3f787f8eb02442187\IsdiInterop.ni.dll2011-04-18 23:22 - 2010-04-13 11:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\Temp:0588E665AlternateDataStreams: C:\ProgramData\Temp:517FAB99AlternateDataStreams: C:\ProgramData\Temp:522EA216AlternateDataStreams: C:\ProgramData\Temp:6D5A15BFAlternateDataStreams: C:\ProgramData\Temp:880F0FEFAlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0AlternateDataStreams: C:\ProgramData\Temp:B12D1A7DAlternateDataStreams: C:\ProgramData\Temp:B7F2E188AlternateDataStreams: C:\ProgramData\Temp:C0DFB793AlternateDataStreams: C:\ProgramData\Temp:D19F6C18AlternateDataStreams: C:\ProgramData\Temp:D2A61C65AlternateDataStreams: C:\ProgramData\Temp:D667795FAlternateDataStreams: C:\ProgramData\Temp:DBAD570FAlternateDataStreams: C:\ProgramData\Temp:F75D000DAlternateDataStreams: C:\ProgramData\Temp:FC2E567F==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: DsiWMIService => 2MSCONFIG\Services: FLEXnet Licensing Service => 3MSCONFIG\Services: GamesAppIntegrationService => 3MSCONFIG\Services: GamesAppService => 3MSCONFIG\Services: IDriverT => 3MSCONFIG\Services: MyWebSearchService => 2MSCONFIG\Services: NOBU => 2MSCONFIG\Services: tvnserver => 2========================= Accounts: ==========================Administrator (S-1-5-21-1649277139-1060227582-4263488454-500 - Administrator - Disabled)carol (S-1-5-21-1649277139-1060227582-4263488454-1000 - Administrator - Enabled) => C:\Users\carolGuest (S-1-5-21-1649277139-1060227582-4263488454-501 - Limited - Disabled)==================== Faulty Device Manager Devices =============Name: Ethernet ControllerDescription: Ethernet ControllerClass Guid:Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (10/29/2014 00:00:47 AM) (Source: SideBySide) (EventID: 9) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.The manifest file root element must be assembly.Error: (10/28/2014 02:34:46 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program TESV.exe version 1.9.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1028Start Time: 01cff2e1dbcb030eTermination Time: 191Application Path: C:\Program Files (x86)\TSEV Skyrim LE\TESV.exeReport Id:Error: (10/28/2014 01:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/28/2014 09:08:01 AM) (Source: SideBySide) (EventID: 9) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.The manifest file root element must be assembly.Error: (10/27/2014 04:59:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/27/2014 09:45:35 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program FRST64.exe version 27.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1694Start Time: 01cff1f492b43b1aTermination Time: 0Application Path: K:\FRST64.exeReport Id:Error: (10/27/2014 04:42:10 AM) (Source: SideBySide) (EventID: 9) (User: )Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.The manifest file root element must be assembly.Error: (10/27/2014 00:18:37 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8eException code: 0xc0000005Fault offset: 0x000000000004e4b4Faulting process id: 0x11f8Faulting application start time: 0xwmprph.exe0Faulting application path: wmprph.exe1Faulting module path: wmprph.exe2Report Id: wmprph.exe3Error: (10/26/2014 09:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: ePowerTray.exe, version: 6.0.3006.0, time stamp: 0x4d63b25cFaulting module name: ePowerTray.exe, version: 6.0.3006.0, time stamp: 0x4d63b25cException code: 0xc0000005Fault offset: 0x00000000000120b9Faulting process id: 0x10b4Faulting application start time: 0xePowerTray.exe0Faulting application path: ePowerTray.exe1Faulting module path: ePowerTray.exe2Report Id: ePowerTray.exe3Error: (10/26/2014 06:55:42 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: ePowerTray.exe, version: 6.0.3006.0, time stamp: 0x4d63b25cFaulting module name: ePowerTray.exe, version: 6.0.3006.0, time stamp: 0x4d63b25cException code: 0xc0000005Fault offset: 0x00000000000120b9Faulting process id: 0xfb8Faulting application start time: 0xePowerTray.exe0Faulting application path: ePowerTray.exe1Faulting module path: ePowerTray.exe2Report Id: ePowerTray.exe3System errors:=============Error: (10/28/2014 01:37:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The BlueStacks Android Service service hung on starting.Error: (10/28/2014 01:36:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater14.2.0 service failed to start due to the following error:%%2Error: (10/27/2014 05:10:48 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}Error: (10/27/2014 04:58:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater14.2.0 service failed to start due to the following error:%%2Error: (10/27/2014 04:25:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (10/27/2014 04:25:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (10/27/2014 04:24:18 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (10/27/2014 04:13:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (10/27/2014 04:09:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Management Instrumentation service terminated with the following error:%%127Error: (10/27/2014 04:09:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Management Instrumentation service terminated with the following error:%%127Microsoft Office Sessions:=========================Error: (10/29/2014 00:00:47 AM) (Source: SideBySide) (EventID: 9) (User: )Description: c:\program files\1-click run\winzip pro 17.5 build 10480 (64bit)\adxloader.dll.Manifestc:\program files\1-click run\winzip pro 17.5 build 10480 (64bit)\adxloader.dll.Manifest2Error: (10/28/2014 02:34:46 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: TESV.exe1.9.32.0102801cff2e1dbcb030e191C:\Program Files (x86)\TSEV Skyrim LE\TESV.exeError: (10/28/2014 01:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/28/2014 09:08:01 AM) (Source: SideBySide) (EventID: 9) (User: )Description: c:\program files\1-click run\winzip pro 17.5 build 10480 (64bit)\adxloader.dll.Manifestc:\program files\1-click run\winzip pro 17.5 build 10480 (64bit)\adxloader.dll.Manifest2Error: (10/27/2014 04:59:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/27/2014 09:45:35 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: FRST64.exe27.10.2014.0169401cff1f492b43b1a0K:\FRST64.exeError: (10/27/2014 04:42:10 AM) (Source: SideBySide) (EventID: 9) (User: )Description: c:\program files\1-click run\winzip pro 17.5 build 10480 (64bit)\adxloader.dll.Manifestc:\program files\1-click run\winzip pro 17.5 build 10480 (64bit)\adxloader.dll.Manifest2Error: (10/27/2014 00:18:37 AM) (Source: Application Error) (EventID: 1000) (User: )Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.177254ec4aa8ec0000005000000000004e4b411f801cff1a57347379fC:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dllb449c069-5d98-11e4-ba95-bf3401f55404Error: (10/26/2014 09:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b910b401cff18f626f9532C:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exef709b0b1-5d82-11e4-ba95-bf3401f55404Error: (10/26/2014 06:55:42 PM) (Source: Application Error) (EventID: 1000) (User: )Description: ePowerTray.exe6.0.3006.04d63b25cePowerTray.exe6.0.3006.04d63b25cc000000500000000000120b9fb801cff17800e5ac2bC:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exe9798675a-5d6b-11e4-ba95-bf3401f55404CodeIntegrity Errors:=================================== Date: 2014-10-27 16:24:18.168 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-27 16:24:18.028 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-18 14:06:32.060 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-18 14:06:31.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:22.668 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:22.545 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:16.923 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:16.804 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:14.804 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:14.687 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Pentium® CPU P6200 @ 2.13GHzPercentage of memory in use: 43%Total physical RAM: 3766.7 MBAvailable physical RAM: 2111.71 MBTotal Pagefile: 7531.59 MBAvailable Pagefile: 5306.25 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB==================== Drives ================================Drive c: (Heather) (Fixed) (Total:447.66 GB) (Free:108.03 GB) NTFSDrive e: (1) (CDROM) (Total:2.24 GB) (Free:0 GB) CDFSDrive k: () (Removable) (Total:14.9 GB) (Free:8.81 GB) FAT32==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E871886)Partition 1: (Not Active) - (Size=18 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)========================================================Disk: 2 (Size: 14.9 GB) (Disk ID: 00000000)Partition: GPT Partition Type.==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Naathim Posted October 29, 2014 ID:898313 Share Posted October 29, 2014 OK, another portion of scans/fixes. Fix with Junkware Removal Tool Please download JRT by Thisisu and save the file to your desktop. Temporary disable your AntiVirus and AntiSpyware protection - instructions here.Right-click on icon and select Run as Administrator to start the tool.Follow the prompts and let this process run uninterrupted.This scan can take a while, depending on your System specs.Upon completion, a log (JRT.txt) will open on your desktop.Please include the contents of that file in your reply. Do not forget to re-enable your previously switched off protection software! Please also manually reboot your machine after this procedure. Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your desktop.Right-click on icon and select Run as Administrator to start the tool.The program will begin to update the database (if internet connection is operational). Please wait a little bit.Follow the prompts and click Scan.When finished, please click Clean.Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.Please include the contents of that file in your reply. Link to post Share on other sites More sharing options...
h90 Posted October 29, 2014 Author ID:898488 Share Posted October 29, 2014 Ok here are the logs. And do I really have 3 internet browsers? I only downloaded IE 11. I don't know why or how I got Mozilla or google chrome.....again, thank-you so much! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.3 (10.21.2014:1)OS: Windows 7 Home Premium x64Ran by carol on Wed 10/29/2014 at 10:51:33.16~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry ValuesSuccessfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default ~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3297947Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298581Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3297947Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298581Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnSetup_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\CR_Downloader_for_scooby-doo---unmasked_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\CR_Downloader_for_scooby-doo---unmasked_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ConduitInstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\glindorus_2709-e3c075a1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\glindorus_2709-e3c075a1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\glindorus_Setup_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\glindorus_Setup_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateglindorus_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateglindorus_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilglindorus_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilglindorus_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r1040-n-bi_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r1040-n-bi_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SearchquMediaBar_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SearchquMediaBar_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluestacks-app-player_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_bluestacks-app-player_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_monopoly_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_monopoly_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_winx-dvd-ripper_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_winx-dvd-ripper_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\CR_Downloader_for_scooby-doo---unmasked_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\CR_Downloader_for_scooby-doo---unmasked_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\glindorus_2709-e3c075a1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\glindorus_2709-e3c075a1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\glindorus_Setup_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\glindorus_Setup_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateglindorus_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateglindorus_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilglindorus_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilglindorus_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r1040-n-bi_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r1040-n-bi_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluestacks-app-player_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_bluestacks-app-player_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_monopoly_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_monopoly_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_winx-dvd-ripper_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_winx-dvd-ripper_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} ~~~ FilesSuccessfully deleted: [File] "C:\Windows\wininit.ini" ~~~ FoldersSuccessfully deleted: [Folder] C:\ProgramData\Alawar StargazeSuccessfully deleted: [Folder] "C:\ProgramData\apn"Successfully deleted: [Folder] "C:\ProgramData\babylon"Successfully deleted: [Folder] "C:\ProgramData\browserdefender"Successfully deleted: [Folder] "C:\ProgramData\pchealthboost"Successfully deleted: [Folder] "C:\ProgramData\speedypc software"Successfully deleted: [Folder] "C:\ProgramData\starapp"Successfully deleted: [Folder] "C:\ProgramData\tarma installer"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\babsolution"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\babylon"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\drivercure"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\goforfiles"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\iminent"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\performersoft"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\speedypc software"Successfully deleted: [Folder] "C:\Users\carol\appdata\local\iac"Successfully deleted: [Folder] "C:\Users\carol\appdata\local\ilivid player"Successfully deleted: [Folder] "C:\Users\carol\appdata\local\swvupdater"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\coupon savings"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\datamngr"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\delta"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\funwebproducts"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\mywebsearch"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\searchquband"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\sweetim"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\visi_coupon"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\yahoocouponaddon"Successfully deleted: [Folder] "C:\Users\carol\appdata\locallow\zwinky_5qei"Successfully deleted: [Folder] "C:\Program Files (x86)\glindorus"Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"Successfully deleted: [Folder] "C:\Program Files (x86)\speedypc software"Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"Successfully deleted: [Folder] "C:\Program Files (x86)\videodownloadconverter_4zei"Successfully deleted: [Folder] "C:\Program Files (x86)\zwinky_5qei"Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"Successfully deleted: [Folder] "C:\Users\carol\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{000180E8-6BDF-423A-890E-5FE1621CF5DD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{00391D57-5CBC-407B-8AF4-34BE6CC9A0FB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{00C0A34E-5ADA-46E2-BFF9-C812AFBB9FC1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0346E0EB-F9FD-4753-89EB-E3B302AAB980}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{04592163-7535-4D05-B27C-D88885BFFF5C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{05E0F502-2FEA-43B9-BCB7-6410CCAFFE8D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{063FB76F-3FE4-4997-A232-7364DA662FAF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0892D21A-88EE-4E5E-9D1C-FF2AFA419DC1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0A08C9E9-B91E-4D4D-8F69-2F020B073273}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0A469B4C-A88C-41F1-BFB9-FF185CCE83E0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0A5B2A51-776D-492C-9CAC-F8A1BF82F5B4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0B83EAE9-A77B-48E4-82DA-721B755EE7E7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0BF9F0B1-1509-4BE3-8315-D252C81F0FAC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0C115BBF-B39F-4815-BC2A-02ED3BB2895C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0CDBB850-B432-4DB0-9303-CE60D49B905C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0D510727-EF99-48B2-B407-FDC2C7684379}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{0D554940-52FB-49ED-91EA-E341ADE1D268}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{11F5843A-FD30-4428-9ABE-38F9C5FB6617}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{122ACC91-3DC3-4071-9457-8A84DBF676FC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{122CD629-7501-4C86-9DD7-DFD64D8B5791}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1234E9A3-DA33-4CCC-919B-2D4A6FD62246}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{12C809ED-9910-4C1D-A8DA-CFD8E894CB46}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{12CA79F4-07C8-4D66-8BDA-B1E52530FC81}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{130B977A-8449-48DF-ADA8-C34AF3B2DD47}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{131BC8C6-C6FF-465F-ABC5-BEFDC1478651}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1627B9DD-4F5B-498C-ACFC-3FFDF305E96F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{166FB500-212E-4424-9CB4-DA8FA05D7569}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{16884176-966C-4206-A9DE-75548029D7F8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{16BE49E7-BA16-4917-A965-F3F60632D5C7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{17864BD1-9C89-4B4E-BE7E-7C85EE087692}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1786BD22-40A4-48F1-A405-4835A026A577}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{17B9A89F-A63F-4666-96FF-6BA5294A8915}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{185357A2-0E4E-46CE-A75C-CE519E40624E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{189305CD-7114-4033-B707-92749773D8ED}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{18ADF214-DDEE-47D1-9F7C-D1191283E00F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{18D57444-9BD3-4A37-912B-4B58710BCF91}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{19C01616-33C9-4761-9713-3BB70BC800CA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1A4A97AC-6CAA-4DF1-B4E8-9C2B8BFC4224}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1A4C3379-15A7-4F6B-9A87-3494EF6DE0E5}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1C1FB16E-5996-40CB-BFD4-BDE7449C5303}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1C2631CD-8CD9-463B-8B32-5BCF6902A358}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1CEFD231-9AAC-41B8-93A2-E754A49BDB23}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1D83D893-F2D5-438D-A2CF-FAEAC9333C16}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1EC496DF-88AD-4146-BA2F-5178702B085B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1EF65EBF-4BD6-4DF4-A6C2-491C9BF26815}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{1F7C4B79-6A37-4093-8DCC-ECBD05C5DA3D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{208B84F5-F559-4059-9AFE-F8E3C07C8610}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{20A80FB3-CF92-49D4-86FB-82F50E81300E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{20D4136A-B986-4F38-A920-C080345C9E3C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{20EB8C8B-3F16-4420-8FB8-70F784D16345}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{21FEBE5C-BC67-4803-9534-19BDCBFA86F1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{22876572-412C-444D-BA62-4B2655E39F8E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{237DCCAE-FDF0-49ED-A8E9-222106D9B88F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{23A5768E-C1C4-4E8F-A5B4-69A7A256943C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{243E61F5-8738-4550-927B-62DAF243F075}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{25BB3CAA-7A73-4071-AE5C-A2EFCE0F3ABA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{26158578-40A0-4CFD-8805-5F5DEF0A0B75}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{261965C0-3E38-4516-8569-45DB9FC9D711}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{263BB147-DB63-4D8B-8140-490166727513}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{279EE6C0-58B8-4FF1-ADF0-B45ED73A4B3A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{27CF7AB7-E2E5-4358-BF71-543E4CB54CF5}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{28114AE1-0F53-433E-A0CD-82D8DF479437}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{29009F38-0DBC-4E08-9EC5-5B33802C709F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{292D0137-9426-400B-AC0B-C962876A655C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{29704434-AD80-430B-A5FB-E9E791A49778}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{29A7D329-F208-402A-8870-8A5BD8AB6F0A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2A2DB0C8-3AA2-4AEA-A82C-814A4F8867C6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2B41EAF9-510F-4E5C-BDBC-E94DD01F6666}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2B6A0BC9-5750-4FA9-AF89-7F8336A7F5C9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2BEC6102-6CD5-44DD-B11C-43919027A2DC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2D6D24D4-D8AF-465A-91C4-A2BC94755724}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2D9FD3F8-39FC-4302-87AE-5CAE5E7E817B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2E2955F9-B3D1-48DC-B8F4-231A4B6E9610}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2E813F0F-3EA6-4001-9C48-43260B664DEC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2EA023B8-6C2D-43C0-B160-BFDDF0995BE8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2ECFF2C7-6B03-4BCD-92DB-C62C296DC14C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2F38B446-8DAB-459E-9BBB-54F84685425E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2F679D23-97AA-4840-8056-E15F85B56AA2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2F6A01D1-8A3E-45FF-BAC6-3A052B7545E1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{2FD8F3A2-43EF-47CB-AA36-6DD3BB9C2054}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3004BDC9-21E7-4F45-AFB8-A5772EAAE46D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{30BB8517-C9B9-4F6B-BA39-AFC611908CDA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{31CE262F-62B0-4405-8834-DF1ACC08116B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{31D368AE-755A-425C-81E8-95427B6091C6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{31E75FAA-52C6-404B-B15B-D3E9D198CD58}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{338FE227-BBFF-4E26-9BDE-77D978598C28}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3434809C-8372-493C-A8F9-184FAD9C2720}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{34818D23-C394-43B4-8E51-D69493709BEC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{34933A08-2B86-4B29-A055-B4C2BF284DD5}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{360359D9-FA50-4F1D-A69E-A40D38362013}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3639EDF1-6C8A-4C47-875E-D93122D5E508}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{365D72EA-BD68-4089-951A-2F013A634D40}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{36AA7EE5-94B4-4A91-AB78-88F59B31761F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{380165AB-8DC7-493A-9488-7ACD2643245C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{38F3489B-9044-4FC6-B815-E6C115555576}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{39B67F7A-69A5-44CB-9977-433C9190E451}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3A148405-50E0-4360-81C1-90D8D5B77F45}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3A68A2EB-053A-4CDC-B8FF-A7A85E5533FA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3A8FBF95-7258-4D06-9E50-C476C4831E08}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3B35CEB5-83A6-4563-B58D-2E2FCA4DE8C3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3B96C1BE-BF53-4596-B590-DA573F06EF30}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3BF8BF5A-C797-4D47-B842-56674D4B5A69}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3BFA3BBE-43F5-4CB8-A1A3-17D5C7911887}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3C21BECE-4198-4500-9DA5-EADC724C4BC3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3C9AC365-1B6C-4EAE-8EDC-6A4CD5643528}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3CE874AC-F288-48EB-9056-4B4B01F69876}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3D9A1E00-236F-4819-9E79-86ECF53207CA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3DE6F55D-9C49-42A4-8A3C-79DCB817768D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3EFBF115-E966-4018-93A9-6C443E26A651}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3F8B48E0-55C7-44DB-9F02-680C4CCE1514}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{3FF141A1-2380-426B-84D7-10E89430CE40}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{40188F41-B773-4435-8FDD-D433EB4B6DEB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{40AA2EE5-B98E-4CBF-997B-7B7EBD0BD61E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4116D629-14A2-492E-99F7-36B7C2646973}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4237135D-E61A-4C4E-A6A8-FE6E4377F3B3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{427F7617-D1B7-42BA-BC04-CAED01ACF7CC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4365C4BC-339D-4EE6-97E7-08F1104F1865}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{43E9153D-F4BA-4E1E-93C6-556960F4256A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{43FE27F6-EE50-4855-AC5F-4BEF0671E516}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4521C144-8EE4-4836-8B3A-702484027638}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{466FBE2D-9104-4A4D-BA98-E4CBD06C9E35}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{46F7BDA8-D5B1-4D46-A3BA-FB14B7FEBAD5}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{476A4F10-0CEE-44AA-BEA3-7E6FD04CABC7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{487F3590-5FA5-4BDD-8F8C-B0E531079D29}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{48AA0DE5-B6D5-4678-AFD4-72333078BB60}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{490BAA17-E063-49EE-A0E2-229E0360A097}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4AA96FD0-8D76-488B-92C9-F8283AE789A0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4ADB3D1A-5B0C-4487-9CFA-9DDDDFE0ABBF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4DAA5B61-36FB-449F-86E7-F53B3B821AAC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4F76FDD5-F0E5-49B7-9465-23529EB074AF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4F91D788-9AB0-48D6-A572-046F6F2638A2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{4FB35FDD-D843-49DC-AC18-66D3717F6F16}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5054783E-821F-4085-A6FB-1DFCE5D67703}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{505B2A35-8B1D-4786-8089-5EBA737CD2A2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{52AB9C81-2D60-4A09-A9E5-698714ACDE38}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{531816F9-D324-4CA6-93A3-E0F11336DFE9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{533DE965-AF8E-4237-8329-A977F3465074}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{53D914E6-A2FB-4CF3-B771-FBC2334B943E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{53DC8237-2774-4D63-976E-270524C7A429}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{546198B8-A1CB-46FC-BBF3-F071A34098D5}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{54A2941F-A2E5-4FFC-A8DD-5525C7D11DC1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{55685D77-F532-4023-838F-C7BC48CFF864}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{55945E10-D04C-421E-B45B-9E1F6B7EDE82}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5629E9A9-8E46-462B-B226-582C0BFB78A9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5711DF6B-B3A7-4064-8E20-C00CD1DFEF0A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{57BDFBAF-0FB0-46FF-B16D-8B0F5C1EDFDC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{582744B8-B3BC-42AE-B43A-BD7F6F9637F0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5916CC9B-6D2C-415A-839E-5EE89FA802F9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{59D18238-F479-4E80-A54B-607E9A52CB65}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5A1388AE-424B-4B07-83FE-84BA1CB42262}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5A6B768D-F646-42A6-B4BA-6AB4D62D8213}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5BEFD481-5520-4DFA-99B4-AE738875663D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5C416038-83CB-4BBB-8742-BB4BA373FCC3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5CB98BA5-E66C-49BF-A8A3-31E5E2584552}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5CFCF1AD-C0D5-46BF-B2D7-23C5A443DBFF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5DE26750-EA96-45A1-B05C-86981658E7E3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5F11F26F-670C-429B-8341-F5EE505116FC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5F1BA7B0-6EE9-4BB4-8671-A440DC8AE655}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5F3891FA-A284-4424-97A6-180FD2C21085}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{5FB9E734-A35E-4FB6-9366-8EF495B9092C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{603780F7-932B-4834-A43B-3BDE2D072BC6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{60B492DE-8094-4D7D-B515-454B49BF2D8F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{61412E08-440F-43FF-8538-C34AFF2D2866}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{62739936-0D8D-4E98-B44F-C0B55181D80B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{63007148-C760-4A03-88AB-2DE40DFFB30D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{63B0E440-CB5C-4D89-B028-9613C9E446DE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{65DC4D95-6BC3-4EDF-9EFA-BBA3B283C176}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{672B43EA-0917-4F5F-B92F-4DA586743972}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{675C198C-C4E4-4F6D-A68C-49AE4EFD2C31}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{67BF1627-B2B9-4C85-A396-F8B642817BDC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6915176D-398D-4E3C-AAAD-E3CFCAF6834F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{69260B6F-6DB1-480D-A4C1-BDFA999FE1D0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6928B8FF-FBA5-4CE7-BEC0-76D3AEF3B64C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{69FD1173-C168-41AC-A29C-50A9D3108547}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6A381E7C-ABF9-49DF-8082-5E7D23410793}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6AC697E6-2371-4917-BC07-8972B2C8A543}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6BB647D3-471C-4C6A-9767-6D33636F6A0E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6BEDE449-F16B-434A-8CD8-5609B2A18672}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6C59F312-0E6E-425E-8CB3-636D9E010053}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6C5D9A9E-9DDC-4044-A080-FC5D32CC0A5E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6CF03C17-2B8A-43DB-8DF6-4DAF61588565}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6E18463F-3174-4A36-A471-CCD6A147462E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6E9C30C9-42EE-4A8D-935F-D27D5795B602}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6EC12698-F703-4231-A940-0D5435774047}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6F5894DA-4606-4967-B89E-1924D842E2B9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{6FB1A9F1-17E3-4D1C-82BE-85417AEF000C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{71BDB4C0-E079-4594-B1F3-9BDFCB2E97F5}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{71CD6FF5-0177-44C7-860E-DFCC7AB0BE50}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{73B7D846-4748-4D42-B8A8-88A7B4C9F2E8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{73CDF9B7-49C0-4025-8981-87B8FB3B34C1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{73EC68B1-7989-4F89-B454-13165C4B1D3D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{744C95F5-D6C1-48A8-860A-06CA69BF0715}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{748B2935-7BB7-4CD5-B97E-9A00D23C244C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{74DC53F2-D617-427F-866E-E83BACA2BDDB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{76E4453D-D8CF-4FE7-A279-82AFF0D6137B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{776DCDF1-012B-4AD8-A579-113909ADEEDE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{77AA671F-CF99-496A-AB1F-7B73FED54BE7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{78198FDD-0A00-40C1-A2F6-719AFDE4A57A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{789EA0B0-4993-407C-A592-14FA78891247}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{78DDD22F-C336-4C79-90D0-27A5DE0217C4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7904802A-95D1-46F3-ABE0-6A4AF2370539}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{792F6296-5ED8-4A2B-A4EC-2A709BA7D68B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7944AEA7-8283-400B-90D8-A976B165C459}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{79510599-2E50-4763-AA60-6113A0D3C528}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7967655B-036C-4C76-AF1D-C16EFA6D38F4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7B23915A-CF7F-466D-828D-F718AC73AB18}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7C9C5374-3DF0-4C73-831F-590D7DB69762}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7CC66712-6EA5-4099-A441-53960392FC6E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7CE1A65F-DBBE-4366-B727-6336ACF0C270}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7DCAACE4-CF71-4251-9401-8624D6E502C4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7DD38293-8494-4A1A-BEC2-5E2B51E4348B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7DE8B804-65D6-4811-BF51-60D8DEE97FB8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7F2EA10B-3777-4982-93E4-933150EF5744}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{7FB51189-AF89-4A5F-9186-13293482DFF0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{81686385-7DA6-4DDD-9DDB-D2A754333B1B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8180A497-77F8-43E1-8A78-827D8B5B7CDE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{81814CFF-627A-445E-B203-55E4E9DEA650}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{81978E67-613B-4609-8739-1997E6811001}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{820A843C-A4F0-4E9D-AD98-935E2E95BE33}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8277904C-1536-41FF-936E-FA474CA1CABD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8292C15B-121D-402E-82F8-15563B363373}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{82E8C90F-5B53-493A-94EC-4B8D5C82B709}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8300485D-7CDC-4395-81EC-C0A57C3F59EB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{85DA2A50-C2BF-47BE-B002-82DF77FC825E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{861637C9-A19C-4A7E-82A5-B12951CC968A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{864CF7B1-8490-4106-A0E9-25B51C9A99AF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{86ADEA5A-F5C5-4ACC-ADC9-F695E2C5EEC0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{87791F95-751F-4EFF-A97D-02EE7CA0E81B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{888117E8-B3EA-40EC-BD8C-B17D4C5CAA18}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{88842BD8-6B9E-4942-9972-3D61B933DB6C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{88F7C1CE-F2FC-4D42-821E-008EBB11A172}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8A611EA8-119B-4248-A88E-3A8D50AB1313}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8B5C8E74-0450-46A4-927D-5C684867DB80}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8C569D59-51BA-43C7-A6E2-EDBE2BFC2811}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8C844A82-4653-4D30-BF20-52C7629A0F59}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8C971DA7-8D15-4AE6-93F9-3A9795DDE5D2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8D612DEB-E11D-4C18-8030-B313CFC1211F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8E22161F-5CB4-4E06-8E57-0255D386D03E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8E419C5B-7357-44FE-B036-44FAB1925C48}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8E84742C-21B8-4D17-8043-621C8930725C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{8EBD7740-CCCB-46B8-B32B-C15A0BB5D9F2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9006163E-2403-4EBC-81F1-C40350B1A92E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{90C616F6-47B6-489C-883A-638D7295DE43}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{90FE7CDB-D33E-4BAF-92A1-C35FCD32213D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{919FA716-6AEE-4BF8-8CCC-A3F469DCEAEE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{91D20377-C343-4AF5-A84D-537EA7DAF353}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{92364D38-74B9-49F4-9E9A-EA121A4E52DA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9258FB64-D8DD-4680-B9D6-09D580D492A7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{928D87FF-37BE-4F06-904C-A181B73E4B1B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{92F3A9B8-BFCB-48C4-B870-4A1B3F7C53CB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{93E038BC-B500-4C6E-BBDF-1F38D94C9F36}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{93E69706-8BBA-4828-8B25-83EAA6BF39A7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{940E3FFD-38C2-4641-AA72-7A9363370F7D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9432F4A4-1DA0-4865-B243-257576B1E915}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{94936BEA-C469-4141-8045-3BDC9B737A0B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{94FB23BB-CB87-4525-BCB1-9C6741B5C2DD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{95452663-D031-4B7B-BEE2-4D76F30C40B6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{95AF197E-BEE6-4B32-B44D-29EEF11FB31B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{95C5544F-6B15-4766-8A60-5F131DC440C7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9622B317-242C-425B-AB4D-AE7D716AA507}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{987D4772-D0BD-461D-A422-234425FF6CD3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{99091666-98F7-4431-BD29-E3EE866F50E7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{99762026-F254-4662-8319-529E7C181E2E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{99B1B61B-3443-4730-BF78-71CC919F1EE7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9A44871E-D4EE-46CC-887C-B2D2AA9ED0FD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9A4E5C5F-C78C-422E-8F3F-C49E0A8E8D30}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9C400986-DFE2-458F-ABB0-A8E9C9889E81}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9C46A873-B564-4367-8B4A-AC11824CEA34}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9DC21D5C-1585-4EB9-8FEE-457D7EF0D420}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9DC55A86-4B41-4A3C-BADC-C2C92FF6346C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9DF66978-D1ED-4CC0-94AA-76A9E269AB4B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9E7FE43C-86CA-400E-A264-5C5B7D64D186}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{9EDB1C21-6CCA-4441-99F3-6395D34E220A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A062BB9F-BF8D-4F85-BC61-453A9A0778C6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A064DCA8-26E1-4B45-A0DA-5DA55E92E8BE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A0B99A8D-8354-4BA1-A0F7-CB330DC2B759}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A21D50CF-61DD-48A6-8823-6DCE2A1439BD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A22C26ED-E57B-4722-861D-2DBE791797CD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A23CE230-1944-45A9-960B-90D18685A05F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A318FABD-F6D4-48F5-A945-A9014EA83764}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A33A2520-6F7D-4179-82E5-E861B67644F7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A3A08FC5-FA67-4DF8-BE33-3C183B2B952F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A47CF0DB-79A5-4E67-8EED-E5AB99B77716}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A4AC565A-65B3-4D71-B533-736D980EC4B3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A4CCB017-ED41-4E68-9C6B-D3DD496FBBD6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A4D976B6-9BBE-41FC-BFBD-A83DA9E2036D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A60AF866-3C8F-45BF-80CC-CCFC7B99F0CC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A8215699-6643-4380-8543-D3F2FFCA54BA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A896E838-60DE-4ACD-A9CB-151D8265D3A2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A8A39C59-19F3-4CA6-8E29-7180F8CDD748}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A8B1A621-D408-4D2A-AF15-C06ECEB00EFF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A8BB9D7B-4B6B-40CF-A734-31FDD16FCF03}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{A98406E5-4F1C-44E7-BF13-18A4D45080CD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{AA2DC750-9014-4ED0-BC92-FB71704A15E2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{AD2E54B2-7D59-4CD1-B690-A41C265D710F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{AD49336F-A45B-451E-B793-D9B5DAE9A894}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{AD926B97-9D97-4A69-BBA9-DC1F110A5554}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{ADB45387-06EC-4D21-BAE5-E8FC0A2BE3A2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{ADE4B164-2C22-47F3-BC3E-DD03E0C08BC6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{AE1BA27C-52B8-430B-958F-7A9159965BDD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{AE407F89-1F93-4E9F-A3E3-318C1EE65630}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B005ED36-8111-449E-94AF-569E61116D77}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B05BC204-3C9A-4D7A-9591-AFC9A7B0F5F9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B0647AC8-AC3F-4D58-8F2A-ED02D5CB6364}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B0750EB5-FE8F-4776-9999-1AF7B21EC16F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B0AA4076-4ABC-4833-83F6-E1D033EFCAF2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B0C32AFF-77C1-4695-B806-70220C56DBBF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B16C4E20-42DE-421A-9B4B-B22EA9CEBC86}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B1B5037E-528E-472A-AD55-496B2A0EB7E2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B1C5B804-BA4D-404D-AFA6-52C64E7740EB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B2C3ACEE-EA40-432F-8B21-8C43AB4E9141}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B36E40C1-BDFB-4F33-9E11-43E93E836FAD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B403BCE0-FECB-4A83-A4A8-5C0A4235E200}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B473C589-B19D-46AC-A963-A4E291C3C386}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B51A9688-376F-4AB3-9D85-AE4CD8DFFC69}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B5848CAF-3602-4B52-983E-01146A9B4EB4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B5FB8027-85B6-411F-8F9A-7611E0283B71}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B6688977-EC8B-4402-955D-B34950354A74}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B69DC8CD-A693-4634-B8DA-E9C268FB8ED3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B7040B94-DD2B-4864-8371-0A97A6B8DDE1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B712ECDB-E269-453E-ACE7-FF333CF0F1E2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B758E90B-EBA3-4CDD-8D12-9105F0C47B34}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B7A2192F-887C-4422-A7B9-8104E47C0F82}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B833FDB3-7B43-44DF-AC45-967618A84769}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B8D61B29-5D9C-4F3B-984E-8D845FE79950}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B9555ADD-BF6E-4861-8F03-02DFD8E05CF9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B9AE14D5-41E5-4D76-85E8-2B4B555ADD0B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{B9DD235B-368D-46B7-AE77-70ABAB7A34C4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BA93E25C-3464-4610-B23A-0239E9ACC5F1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BB126431-147A-4DD0-A6F3-23D42ECF5299}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BB28ACF7-C95E-46DC-BAE2-4AF2A57492C2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BB39F4A3-5549-4B87-A947-1D343C07EE5E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BC1C7BA6-1B01-4C6B-8BDE-015FE05BBE8F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BC2BD051-EF30-4B32-8A87-660F45E34F40}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BC5DD191-7C40-4E87-900C-795C0AC939EC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BC6EF726-103E-4CCB-9E57-D2606F3002B2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BC79F88F-DFC6-401D-BDE0-24371A604618}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BCC58547-A59E-413F-9A31-92D9E763874F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BCF9F7AE-59C4-42CB-AA66-A982E38A917E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BD24ABEE-16F4-48BD-B998-BDC6123E01F6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BD4DF6CF-BFEB-485F-8E76-78086DD7A2E7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BD767789-C9D3-402C-BD00-58072E2C918B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BD7D68D4-F570-4320-B1D0-0ACB49862B07}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BDBBE392-5877-404A-A733-3A769033AB96}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BF4D2DD7-DDC7-4768-A157-337ECA268D19}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{BFBB5BF5-51DA-4349-AF79-8AD3710599A6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C0C48C2C-1320-4068-BD3A-4606D5CBB54A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C1C0E5E1-8438-44A5-89D6-EDFE6074519D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C21D2EA0-B8A5-40D8-9951-81E939E68474}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C2D68426-284F-4BDE-916A-51C1F9C95878}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C2E9D1F0-CD2F-413B-870A-360D50446342}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C3107BE2-6B94-4073-8503-174FDA80E5F6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C3A59942-3753-46FA-B743-72E577BAFD13}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C40C164C-674D-4C5F-AF53-C85270445735}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C436F131-D260-414F-82E1-99CE57933649}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C4F6DFD7-72B3-46C5-9511-E6184CC5F45D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C57189D8-77AC-47A2-9376-77E0A534452A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C591EC3E-E789-4467-BD94-151D2263A331}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C5AC6C0A-62DA-4E2D-9F50-218B2A51EEDF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C780EB39-53D7-4DA5-BDC5-D558FB3AFE88}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C89F65CB-3E90-4F54-9B53-A21A5C5AC9C7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C973787F-1CAF-43FE-BC53-97DBF140CCBB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C97C888E-28BC-4732-B6DE-3DBF4C3AA16E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{C9CABFB9-F377-4B82-B8B3-2BE450039E14}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CA4EBDF7-2633-49C2-925C-446B07BDBC46}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CAC6ABF3-4715-4C7F-BE36-4747B743EB82}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CAEFB0E8-5359-461B-98EC-5BBCD9BD1F77}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CAF9F0FD-CE07-4A01-86F7-982BD0B67B7F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CB0EE47E-9907-4467-92DC-855A7E0A488F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CB7217EA-5493-4C40-B12A-16A57A9577D4}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CB7A6E6D-BC46-497D-9BC9-4F167D225F22}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CBEF6FC4-7795-4F95-BFB8-AD24CBDAE23B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CC6A224D-2C4E-4D1D-98CE-0189DAB35820}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CCA18681-8F0B-417C-9EDE-086D129AB1A1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CCE651C2-920B-44A9-94E6-633D83D41519}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CD62A003-7F58-49AA-A412-06E94BAB1686}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CD62AD22-A919-48C8-9826-B275773F5FBB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CD671102-CEA4-4447-B49C-9E0FDB25166D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CDCE1E02-3BD5-4CDF-B9F6-544B9F927B0B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CE103414-0D22-4C24-991E-8A84351CBB89}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CE3B63B4-1268-4217-B4D2-591C50329991}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CE3C812B-E337-4646-880E-7602F6337E3A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CF11958B-D36C-4D28-82C6-F420449316D8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CF3E9E59-29D8-4713-88E8-7AE33F90AEE8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{CFA6446E-770C-4899-915D-79F1F722BE28}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D02C6006-3C6E-4272-AD26-D547959A990D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D0A7CFE8-F459-4758-B600-27C70FE61CD6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D0C113E0-5440-4179-BD8A-66B9D8E83D28}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D0CD94C6-32EA-489B-B06A-FB40D8EFF98E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D2906635-0948-4B37-9F8A-CEEE174CC8EB}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D2B035EB-DAF5-416E-8D7E-DA65D4056E21}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D2E0EB45-4474-46CE-A519-5F5D3C1E6F57}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D49DAA95-5B75-4A31-A59E-EFC980EF41CE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D6426B3E-DC92-4D57-8D53-565A664C3E2A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D67C04FE-7F05-4981-AA8F-A1EA9823BB1F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D7048409-16EC-4736-905B-4192621F98B7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D73294EB-9BE2-4369-AF27-2FC9C2A9543F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D7E5FDDA-963E-4FBB-A257-D6DC244494B6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D8650CBF-34DA-41D5-83C4-8FB25CD364B8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D87790FF-6F67-418F-BF96-EA8399092952}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D8BFA2E1-149A-43F4-AB42-2008747129CC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D907FD59-D7A6-488B-ACC8-C4578845B56F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D9C3AE4F-5AAF-4F1C-B73E-F572768C79E7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{D9F49DF1-959C-4FEE-80B5-9A175ACB252F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DA0BC3DB-9312-41B1-8A50-21A4D5373D1E}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DA27EA73-40BB-4F1D-9609-CE9184E73E67}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DA4801BA-E7AB-4420-AEB4-D00C2B810FDC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DABFE39B-BC1B-4860-BC24-558D6ACA9746}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DAC63BAA-B764-41F6-B9E2-8722D4E164C6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DB0A55E7-5C0D-4BBE-BBF6-348F934B0F67}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DB5761B7-4E87-4E3C-A5F8-432806EAF63D}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DB7DE758-B23C-48B4-9E9A-C1E3008E0C70}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DC7857F5-E64F-42F6-8DE6-A479F4255808}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DCAC821D-676B-4A1B-862E-7D933334D04B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DCEB6D17-77F4-4E61-80A9-DCCDA413C32C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DD8BEA88-12DE-4076-8198-7AC8CC3491C8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DD97AC79-D1FC-48FE-B2A8-C66667BF9731}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DDA356C5-36C2-4B70-BF54-6576780D443B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DDB5D26E-09C8-4FE0-B9EA-89624040771C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{DFFA9F53-CD37-4DF2-BB84-DFE4C22F4DD7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E05BCB56-78D3-41B5-9012-2F38F2D720CE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E074A750-6922-43AF-8A48-A557730DD283}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E085A5AA-6A40-4F71-81B6-B0163D71516A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E0E92CB5-FED1-40C6-938A-55114E453506}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E19D1725-A872-4B0C-B2D7-86DFC3D97B43}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E1B801C0-EAC5-4D09-8FA0-E1E1252629BE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E2D2C9D7-72BA-4A60-9A13-C1276FF97CF3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E346E372-0417-408D-9EAE-A97A13A806BE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E3726636-2EA5-462B-8BB2-306B89E554AD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E3EA9CC1-C919-49B5-8875-6EC1C771C09B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E4363804-3F79-44EC-8296-104DB2305C66}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E4E0B2FB-1648-41F5-92B7-B63E894A0A6B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E5022105-EF20-414B-A677-4AB532DBF51B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E5B8AF47-D27B-4A94-8B8F-210FBF84F778}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E616F6AA-9022-4084-8B77-85938D021CAE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E6C2B1F7-0E75-4242-988D-B508D9F758A6}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E6F70EB7-2B83-4A9B-93D7-D83D1E6A9702}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E71DCCBF-24CD-4B04-9D92-F2EBB84C40CC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E77E9599-4EC3-4F89-9A9A-4DB00A26CADA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E878CA4F-CF42-4EC6-ACA7-75141447A5B2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E8DF080C-1B2D-476A-B2C2-3FFF1CD0EE83}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E962D9B7-E43E-4983-868E-935A0F8266BE}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{E9E983F2-3529-44C3-ACF1-254415646D24}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EBF1D721-5141-437D-91F8-E6C3EB7522BC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EC0080E0-EA6A-4BB1-87B2-C6928593D051}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{ECEF7493-6B57-4FD8-B4E1-FF0F01840120}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EDD44ED3-A056-4C3E-8FDF-F905B5F09D85}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EF1FCEB4-84E9-4C12-8336-AF8E7FD1AA26}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EF2FEAA8-EE15-4A21-B4DB-146000392902}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EF45B897-05AC-43D3-BF9D-37D5CC683CB3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EFA19AB6-4989-43F6-98B1-5D632F1F38E8}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{EFF0030A-6757-4858-9542-AFBA80012B08}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F05735F1-7ABC-4F12-BA8C-149E31AD4945}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F08C3E4A-72C5-4408-AF13-BD2508B6D32B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F08DD8F8-F5C6-493D-BFE0-1A7C30AFE0E1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F0E30EE6-04FF-46A4-B697-C56DC862D7BD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F2C5258B-E2F8-4665-A894-C9685B52C8FC}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F33DD894-63AF-42CC-A208-774376DB076C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F3A3BEB9-7742-4996-86F1-F76CB50289F2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F3DC1622-B4BA-4285-88C0-724DC7420CE7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F3E0BF1F-84CC-40FB-8423-CBB8EC05BB62}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F49CFAFF-6C98-4ED3-8E75-29DA98E4EA6C}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F4E814EC-A889-4747-B803-1C6DD4C3276B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F5719BEC-3273-48C9-9A98-1D3CEE5B8D11}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F6A8A30E-BF4E-47B2-91D1-4DCAFE561143}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F6B453E3-F592-46B6-9759-34F9329D06EA}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F6C837C7-ACC1-4612-B37A-3BF7ED5C6432}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F6DB1B4F-4349-4F92-8D6C-7815879AF0CD}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F7851A28-DF3C-43E9-BA6A-096C14C084F0}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F80A29F3-2DA0-44B6-977F-1D4B715414EF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F80F85E6-B3C0-4067-9119-CF2B1BEB71AF}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F87B50DE-1FE1-4B65-BF57-4A8A5A80912B}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F87D921B-E6E6-4B1B-8A15-181B679092A2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{F9D7A68F-02D9-462B-B9DF-BCD6E535F68F}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FA5ED9D9-FDE5-4AE6-BD04-C536EB5A41E9}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FA95C032-49EE-49D3-B66D-3E792D44507A}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FBCC0A15-CA79-4AA0-BF46-BAEDF1BF43D7}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FD0F5FF1-074C-44FD-898F-10675198C2C3}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FD649304-0BFD-4388-B012-E9D3E2A060B1}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FE0AF41B-9892-4D6D-9271-CB374E82AC51}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FF144D8B-1B8F-425E-B944-2A156635ECA2}Successfully deleted: [Empty Folder] C:\Users\carol\appdata\local\{FFD8FA5F-BD3A-4085-B7DE-01AC33311748} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 10/29/2014 at 10:57:52.00End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.002 - Report created 29/10/2014 at 11:06:42# DB v# Updated 27/10/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : carol - HEATHERLAND# Running from : C:\Users\carol\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17344-\\ Mozilla Firefox v-\\ Google Chrome v*************************AdwCleaner[R0].txt - [4940 octets] - [29/10/2014 10:59:40]AdwCleaner[R1].txt - [863 octets] - [29/10/2014 11:05:57]AdwCleaner[s0].txt - [5098 octets] - [29/10/2014 11:00:34]AdwCleaner[s1].txt - [778 octets] - [29/10/2014 11:06:42]########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [837 octets] ########## Link to post Share on other sites More sharing options...
Naathim Posted October 29, 2014 ID:898550 Share Posted October 29, 2014 If you don't want to keep them, go to Control Panel and uninstall them. After removing all this junk, give me fresh logfiles. Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool.Right-click on icon and select Run as Administrator to start the tool. > XP users click run after receipt of Windows Security Warning - Open File. > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please include their content in your next reply. Link to post Share on other sites More sharing options...
h90 Posted October 29, 2014 Author ID:898759 Share Posted October 29, 2014 None of them show up in the control panel. I couldn't find them in the search bar either. Still can't browse certain pages online. (facebook, google, etc.) Thanks! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014Ran by carol (administrator) on HEATHERLAND on 29-10-2014 15:47:06Running from C:\Users\carol\DesktopLoaded Profile: carol (Available profiles: carol)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(WinZip Computing, S.L.) C:\Program Files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Black Tree Gaming) C:\Program Files\Nexus Mod Manager\NexusClient.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\msiexec.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-10-23] (AVAST Software)HKLM-x32\...\Run: [blueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [831192 2014-07-03] (BlueStack Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [DAEMON Tools Lite] => C:\Users\carol\Documents\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)HKU\S-1-5-21-1649277139-1060227582-4263488454-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnkShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\1-click run\WinZip Pro 17.5 Build 10480 (64bit)\WZQKPICK32.EXE (WinZip Computing, S.L.)Startup: C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnkShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)GroupPolicy: Group Policy on Chrome detected <======= ATTENTION==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D8840E583F1CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U162StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=139&systemid=406&sr=0&q={searchTerms}BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No FileBHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No FileBHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Fast Free Converter 4.1 -> {8232785C-5C98-4A6E-B7B4-911FFBED7582} -> C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL No FileBHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No FileToolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileToolbar: HKCU - No Name - {22DFBF5B-A7CD-4B25-9471-3DC68C71855F} - No FileToolbar: HKCU - No Name - {16BB67E0-6319-4077-BE84-F41269E051F3} - No FileToolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/JoJo's%20Fashion%20Show%202%20-%20Las%20Cruces/Images/stg_drm.ocxDPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll No FileFF Plugin-x32: @ei.Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5qEI\Installr\1.bin\NP5qEISB.dll No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @mywebsearch.com/Plugin -> C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll No FileFF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\carol\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.binFF HKLM-x32\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files (x86)\BetterSurf\ffFF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ffFF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home311.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ffFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-15]FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtensionFF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha235\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta548\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha402\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha71\ff [Not Found]FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ff [Not Found]Chrome:=======CHR Profile: C:\Users\carol\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (FTdownloader V4.0) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok [2013-06-14]CHR Extension: (SiteAdvisor) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-04-16]CHR Extension: (Torntv 2) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje [2013-06-10]CHR Extension: (GoPhoto.it) - C:\Users\carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2013-06-10]CHR HKLM-x32\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [bebnnlollpcjnfpkafhoclljaojgnfok] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx []CHR HKLM-x32\...\Chrome\Extension: [bffjccobdichdckaoldboabfigpbokfa] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta548\ch\VideoPlayerV3beta548.crx []CHR HKLM-x32\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx []CHR HKLM-x32\...\Chrome\Extension: [fpjimchmoknjabnkkchcaimpdfdhfdif] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home311\ch\MediaWatchV1home311.crx []CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [jclikickahdnaiaonplibfidddddiapk] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha71\ch\MediaViewerV1alpha71.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [kemphmeilhpkpfgghpcffekcicoelbca] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha235\ch\WebexpEnhancedV1alpha235.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2014-10-23]CHR HKLM-x32\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx [2014-10-23]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-23] (AVAST Software)S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-11] (WildTangent)S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]S4 tvnserver; C:\Program Files (x86)\ShowMyPCService\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-23] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [82768 2014-10-23] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-23] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-23] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049920 2014-10-23] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-23] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-23] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-23] ()R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-01] (DT Soft Ltd)S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-08-01] (OpenLibSys.org)S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]S3 AndNetGps; system32\DRIVERS\lgandnetgps64.sys [X]S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]S3 vdrive; system32\DRIVERS\vdrive.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-29 15:47 - 2014-10-29 15:48 - 00022779 _____ () C:\Users\carol\Desktop\FRST.txt2014-10-29 13:56 - 2014-10-29 13:56 - 00000000 ____D () C:\Program Files (x86)\TSEV Skyrim LE2014-10-29 13:45 - 2014-10-29 13:45 - 00001251 _____ () C:\Users\carol\Desktop\TSEV Skyrim LE.lnk2014-10-29 13:45 - 2014-10-29 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSEV Skyrim LE2014-10-29 12:55 - 2014-10-29 12:55 - 00000897 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk2014-10-29 12:55 - 2014-10-29 12:55 - 00000000 ____D () C:\Program Files\Nexus Mod Manager2014-10-29 10:59 - 2014-10-29 11:06 - 00000000 ____D () C:\AdwCleaner2014-10-29 10:59 - 2014-10-29 10:58 - 01998336 _____ () C:\Users\carol\Desktop\AdwCleaner.exe2014-10-29 10:57 - 2014-10-29 10:57 - 00064928 _____ () C:\Users\carol\Desktop\JRT.txt2014-10-29 10:51 - 2014-10-29 10:51 - 00000000 ____D () C:\Windows\ERUNT2014-10-29 10:50 - 2014-10-29 10:57 - 01706144 _____ (Thisisu) C:\Users\carol\Desktop\JRT.exe2014-10-29 07:16 - 2014-10-29 07:16 - 02113536 _____ (Farbar) C:\Users\carol\Desktop\FRST64.exe2014-10-27 17:16 - 2014-10-27 17:17 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-10-27 17:15 - 2014-10-27 17:15 - 00000000 ____D () C:\ProgramData\RogueKiller2014-10-27 17:11 - 2014-10-27 17:07 - 19114072 _____ () C:\Users\carol\Desktop\RogueKillerX64.exe2014-10-27 17:08 - 2014-10-27 17:08 - 00041228 _____ () C:\ComboFix.txt2014-10-27 15:55 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2014-10-27 15:55 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2014-10-27 15:55 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2014-10-27 15:55 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe2014-10-27 15:54 - 2014-10-27 17:09 - 00000000 ____D () C:\Qoobox2014-10-27 15:53 - 2014-10-27 17:06 - 00000000 ____D () C:\Windows\erdnt2014-10-27 15:51 - 2014-10-27 15:56 - 05591695 ____R (Swearware) C:\Users\carol\Desktop\ComboFix.exe2014-10-27 09:28 - 2014-10-29 15:47 - 00000000 ____D () C:\FRST2014-10-27 00:17 - 2014-10-27 00:17 - 00000000 ____D () C:\Users\carol\AppData\Roaming\124162014-10-26 21:35 - 2014-10-26 21:35 - 88052844 _____ () C:\Users\carol\Downloads\Lunar Knights.zip2014-10-26 15:10 - 2014-10-26 15:10 - 00000000 __SHD () C:\Users\carol\AppData\Local\EmieUserList2014-10-26 15:10 - 2014-10-26 15:10 - 00000000 __SHD () C:\Users\carol\AppData\Local\EmieSiteList2014-10-26 14:07 - 2014-10-26 14:07 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-26 14:07 - 2014-10-26 14:07 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-26 14:07 - 2014-10-26 14:07 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-26 14:07 - 2014-10-26 14:07 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-26 14:07 - 2014-10-26 14:07 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-26 14:07 - 2014-10-26 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat2014-10-26 14:07 - 2014-10-26 14:07 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2014-10-26 14:07 - 2014-10-26 14:07 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx2014-10-26 14:07 - 2014-10-26 14:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll2014-10-26 14:07 - 2014-10-26 14:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-10-26 14:07 - 2014-10-26 14:07 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-10-26 14:06 - 2014-10-26 14:06 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-26 14:06 - 2014-10-26 14:06 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-26 14:06 - 2014-10-26 14:06 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-26 14:06 - 2014-10-26 14:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-26 14:06 - 2014-10-26 14:06 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-26 14:06 - 2014-10-26 14:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat2014-10-26 14:06 - 2014-10-26 14:06 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2014-10-26 14:06 - 2014-10-26 14:06 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx2014-10-26 14:06 - 2014-10-26 14:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll2014-10-26 14:06 - 2014-10-26 14:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-10-26 14:06 - 2014-10-26 14:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-26 14:04 - 2014-10-26 14:04 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-26 14:04 - 2014-10-26 14:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll2014-10-26 14:04 - 2014-10-26 14:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-10-26 14:04 - 2014-10-26 14:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll2014-10-26 13:59 - 2014-10-26 14:11 - 00008672 _____ () C:\Windows\IE11_main.log2014-10-26 13:31 - 2014-05-15 11:24 - 01351168 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll2014-10-26 13:29 - 2014-10-26 13:29 - 00754529 _____ () C:\Users\carol\Downloads\gdiplus.zip2014-10-26 13:29 - 2014-10-26 13:29 - 00000000 ____D () C:\Users\carol\Downloads\gdiplus2014-10-25 19:18 - 2014-10-25 19:18 - 00754608 _____ ( ) C:\Users\carol\Downloads\CR_Downloader_for_harvest-moon---back-to-nature.exe2014-10-25 09:20 - 2014-10-25 09:20 - 00001373 _____ () C:\Users\carol\Desktop\dpgplay - Shortcut.lnk2014-10-23 22:24 - 2014-10-23 22:24 - 00002050 _____ () C:\Users\carol\Desktop\Xilisoft DPG Converter.lnk2014-10-23 22:24 - 2014-10-23 22:24 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft2014-10-23 22:23 - 2014-10-23 22:23 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Xilisoft2014-10-23 22:23 - 2014-10-23 22:23 - 00000000 ____D () C:\Program Files (x86)\Xilisoft2014-10-23 21:05 - 2014-10-23 21:05 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-10-23 21:05 - 2014-10-23 21:05 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-10-19 16:48 - 2014-10-25 09:20 - 00000000 ____D () C:\Users\carol\Desktop\Emulators to play on ds2014-10-15 14:40 - 2014-10-15 14:43 - 00000000 ____D () C:\Users\carol\Documents\Assurance Wireless Documents 10-14-20142014-10-10 10:03 - 2014-10-10 10:03 - 00000000 ____D () C:\Users\carol\Documents\Games==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2014-10-29 15:30 - 2013-12-29 14:12 - 00000000 ____D () C:\Users\carol\Documents\Skyrim Mods2014-10-29 15:19 - 2013-03-04 17:38 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}2014-10-29 14:00 - 2013-06-27 22:15 - 00000000 ____D () C:\Users\carol\AppData\Local\Skyrim2014-10-29 14:00 - 2009-07-14 00:13 - 00780908 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-29 13:36 - 2012-04-21 14:08 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks2014-10-29 13:20 - 2013-09-01 18:15 - 00000000 ____D () C:\Games2014-10-29 12:55 - 2013-06-27 22:40 - 00000000 ____D () C:\Users\carol\AppData\Local\Black_Tree_Gaming2014-10-29 12:20 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-29 12:20 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-29 12:16 - 2011-08-13 19:34 - 01904499 _____ () C:\Windows\WindowsUpdate.log2014-10-29 12:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-29 12:11 - 2009-07-13 23:51 - 00022239 _____ () C:\Windows\setupact.log2014-10-29 12:05 - 2011-12-26 22:56 - 00000000 ____D () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2014-10-29 11:07 - 2010-11-20 22:47 - 00994018 _____ () C:\Windows\PFRO.log2014-10-28 20:39 - 2013-11-06 19:32 - 00020304 _____ () C:\Users\carol\Documents\zsnesw.cfg2014-10-28 20:39 - 2013-11-06 19:32 - 00003806 _____ () C:\Users\carol\Documents\zinput.cfg2014-10-28 20:39 - 2013-11-06 19:32 - 00002480 _____ () C:\Users\carol\Documents\zmovie.cfg2014-10-27 18:49 - 2013-05-23 06:49 - 00003234 _____ () C:\Windows\System32\Tasks\SidebarExecute2014-10-27 17:08 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2014-10-27 17:00 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2014-10-27 13:23 - 2013-03-07 00:53 - 00000000 ____D () C:\Users\carol\AppData\Roaming\vlc2014-10-27 09:37 - 2014-06-08 10:53 - 00000000 ____D () C:\Users\carol\AppData\Roaming\uTorrent2014-10-27 05:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-26 23:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-26 18:53 - 2014-06-15 21:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-10-26 14:58 - 2011-12-26 18:30 - 00001424 _____ () C:\Users\carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR2014-10-26 14:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-10-26 13:51 - 2013-03-06 01:28 - 00000000 ____D () C:\ProgramData\Yahoo!2014-10-26 13:51 - 2013-03-06 01:28 - 00000000 ____D () C:\Program Files (x86)\Yahoo!2014-10-26 13:19 - 2009-07-13 23:45 - 05101016 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-26 00:05 - 2014-06-08 13:55 - 00000000 ____D () C:\Users\carol\Documents\utorrent2014-10-24 23:12 - 2013-07-26 22:39 - 00000000 ____D () C:\Users\carol\Documents\Calibre Library2014-10-24 23:11 - 2013-07-26 23:08 - 00000000 ____D () C:\Users\carol\Documents\My Kindle Content2014-10-24 19:24 - 2012-01-07 21:12 - 00773522 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-10-24 19:13 - 2013-05-22 22:09 - 00000000 ____D () C:\ProgramData\Razer2014-10-23 22:41 - 2013-08-10 15:12 - 00002100 _____ () C:\Users\carol\Documents\desmume.ini2014-10-23 21:05 - 2014-06-15 22:10 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-10-23 21:05 - 2014-06-15 22:10 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-10-23 21:05 - 2014-06-15 21:29 - 01049920 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00082768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-10-23 21:05 - 2014-06-15 21:29 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-10-21 19:21 - 2011-12-26 18:30 - 00000000 ____D () C:\Users\carol\AppData\Local\Windows Live2014-10-18 09:51 - 2014-07-11 15:49 - 00000000 ____D () C:\Users\carol\Desktop\Temp2014-10-18 09:16 - 2009-07-14 00:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-10-14 20:40 - 2013-07-26 22:39 - 00000000 ____D () C:\Users\carol\Documents\Battery2014-10-02 15:53 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exeSome content of TEMP:====================C:\Users\carol\AppData\Local\Temp\dllnt_dump.dllC:\Users\carol\AppData\Local\Temp\Quarantine.exeC:\Users\carol\AppData\Local\Temp\sqlite3.dllC:\Users\carol\AppData\Local\Temp\Uninstall.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.C:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2014-10-26 02:17==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014Ran by carol at 2014-10-29 15:49:09Running from C:\Users\carol\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)1001 Japanese Crosswords (HKLM-x32\...\1001 Japanese Crosswords) (Version: 1.00.07.06.01 - Selectsoft Publishing)1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)1001 Tangram Puzzles (HKLM-x32\...\1001 Tangram Puzzles) (Version: 1.00.07.02.14 - Selectsoft Publishing)2002 Games (HKLM-x32\...\2002 Games) (Version: 1.00.07.02.13 - Selectsoft Publishing)2002 Kakuro Puzzles (HKLM-x32\...\2002 Kakuro Puzzles) (Version: 1.00.07.06.01 - Selectsoft Publishing)2002 Pentamino Puzzles (HKLM-x32\...\2002 Pentamino Puzzles) (Version: 1.00.07.02.14 - Selectsoft Publishing)2002 Space Out Games (HKLM-x32\...\2002 Space Out Games) (Version: 1.00.07.06.01 - Selectsoft Publishing)3003 Crystal Mazes (HKLM-x32\...\3003 Crystal Mazes) (Version: 1.00.07.06.11 - Selectsoft Publishing)500 Solitaire Games (HKLM-x32\...\500 Solitaire Games) (Version: 2.00.07.02.14 - Selectsoft Publishing)64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) HiddenAcer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) HiddenAcer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0301.2011 - Acer Incorporated)Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) HiddenAimersoft Audio Converter(Build 2.2.0.37) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version: - Aimersoft Software)Aimersoft DVD Copy(Build 2.0.0.16) (HKLM-x32\...\Aimersoft DVD Copy_is1) (Version: - Aimersoft Software)Aimersoft DVD Creator(Build 2.1.1.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version: - Aimersoft Software)Aimersoft DVD Ripper(Build 2.2.0.27) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version: - Aimersoft Software)Aimersoft DVD Studio Pack(Build 2.2.0.19) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version: - Aimersoft Software)Aimersoft Video Converter(Build 2.2.0.19) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version: - Aimersoft Software)Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)Ancient Rome 1.0 (HKLM-x32\...\Ancient Rome_is1) (Version: - GamesPub Ltd.)Angry Birds Rio (HKLM-x32\...\{0D637670-BC00-4FAC-8E00-518EB7F65091}) (Version: 1.4.4 - Rovio)Angry Birds Seasons (HKLM-x32\...\{9240D97C-D575-465E-A681-21C0979EE5DF}) (Version: 2.2.0 - Rovio)Angry Birds Seasons (HKLM-x32\...\{F84FF19C-E18B-43C4-9366-D3056CEF74A0}) (Version: 1.0.0 - Rovio)Angry Birds Space (HKLM-x32\...\Angry Birds Space1.0) (Version: 1.0 - Foxy Games)Angry Birds Star Wars II (HKLM-x32\...\{C4887610-6DE9-4538-A6CD-2B44673FE133}) (Version: 1.0.1 - Rovio Entertainment Ltd.)AngryBirdsStarWars 1.00 (HKLM-x32\...\AngryBirdsStarWars 1.00) (Version: 1.00 - Cat-A-Cat)Atlantis (remove only) (HKLM-x32\...\BFG-Atlantis) (Version: - )Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) HiddenBee Empire 1.0 (HKLM-x32\...\Bee Empire_is1) (Version: - GamesPub Ltd.)Bee Garden 1.0 (HKLM-x32\...\Bee Garden_is1) (Version: - GamesPub Ltd.)Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenBejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version: - PopCap Games)Best Games Hits 3 (HKLM-x32\...\Best Game Hits 3) (Version: 1.00.09.07.10 - Selectsoft Publishing)Better Surf Plus (HKLM-x32\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTIONBig Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )Big Kahuna Reef 2 - Chain Reaction (HKLM-x32\...\BFG-Big Kahuna Reef 2 - Chain Reaction) (Version: - )Big Kahuna Reef 2 (HKLM-x32\...\Big Kahuna Reef 2) (Version: - Spintop Media, Inc)Big Kahuna Reef 3 (HKLM-x32\...\BFG-Big Kahuna Reef 3) (Version: - )Bloomo 1.0 (HKLM-x32\...\Bloomo_is1) (Version: - GamesPub Ltd.)BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)BlueStacks Notification Center (HKLM-x32\...\{1AFACC2A-9A60-43EF-ABDB-2CEECA5EA77F}) (Version: 0.8.12.3119 - BlueStack Systems, Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Breathtaking Water Scenes (HKLM-x32\...\{D85D3012-4C63-4CD3-9614-682F4B3A467B}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTIONBug Bits 1.0 (HKLM-x32\...\Bug Bits_is1) (Version: - GamesPub Ltd.)Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hiddencalibre (HKLM-x32\...\{4B76F79D-7FC9-4007-9EE4-27B4A84477D6}) (Version: 1.29.0 - Kovid Goyal)Call of Atlantis (HKLM-x32\...\BFG-Call of Atlantis) (Version: - )Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCrystal Caverns of Amon-Ra (HKLM-x32\...\Crystal Caverns of Amon-Ra) (Version: 1.00.09.03.08 - Selectsoft Publishing)Cure the Zombies 1.0 (HKLM-x32\...\Cure the Zombies_is1) (Version: - GamesPub Ltd.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) HiddenDJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenDrug Lord 2 (HKLM-x32\...\Drug Lord 2) (Version: - )DVDFab 9.1.1.5 (07/12/2013) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)Dynasty of Egypt (HKLM-x32\...\Dynasty of Egypt) (Version: 1.00.08.09.03 - Selectsoft Publishing)ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)Fable III (HKLM-x32\...\GFWL_{4D53090A-9B45-437B-A66A-831000008300}) (Version: 1.0.0000.131 - Microsoft Game Studios)Fable III (x32 Version: 1.0.0000.131 - Microsoft Game Studios) HiddenFable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) HiddenFairy Forest (HKLM-x32\...\{D1D0FAEA-D317-439A-9798-3D406E850BDE}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTIONFashion Craze (HKLM-x32\...\Fashion Craze_is1) (Version: - GamesPub Ltd.)Fashion Season (HKLM-x32\...\Fashion Season_is1) (Version: - GamesPub Ltd.)FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) HiddenFeeding Frenzy 2 (HKLM-x32\...\Feeding Frenzy 2) (Version: - Spintop Media, Inc)Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) HiddenFluffy Rescue Levels Pack (HKLM-x32\...\Fluffy Rescue Levels Pack_is1) (Version: - GamesPub Ltd.)Funny Miners 1.0 (HKLM-x32\...\Funny Miners_is1) (Version: - GamesPub Ltd.)Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenGame Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 4.1.0.8 - WildTangent, Inc.)Gardenscapes - Mansion Makeover (HKLM-x32\...\Gardenscapes - Mansion Makeover) (Version: - Spintop Media, Inc)Gardenscapes - Mansion Makeover Collectors Edition (HKLM-x32\...\Gardenscapes - Mansion Makeover Collectors Edition1.0) (Version: 1.0 - Foxy Games)Gardenscapes 2 CE (HKLM-x32\...\Gardenscapes 2 CE1.0) (Version: 1.0 - Foxy Games)GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)Hard Truck Apocalypse (HKLM-x32\...\Hard Truck Apocalypse_is1) (Version: 1.0 - )Hexagon Mahjongg (HKLM-x32\...\Hexagon Mahjongg) (Version: 1.00.08.10.13 - Selectsoft Publishing)HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2827 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTIONIsland Realms (HKLM-x32\...\Island Realms_is1) (Version: - GamesPub Ltd.)Jewel Quest Heritage (HKLM-x32\...\BFG-Jewel Quest Heritage) (Version: - )Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) HiddenJewels of the Nile (HKLM-x32\...\Jewels of the Nile) (Version: 1.00.08.08.27 - Selectsoft Publishing)Jo Dream - Organic Coffee (HKLM-x32\...\Jo Dream - Organic Coffee_is1) (Version: - GamesPub Ltd.)Jojos Fashion Show (HKLM-x32\...\Jojos Fashion Show_is1) (Version: - )JoJo's Fashion Show 2 - Las Cruces (HKLM-x32\...\JoJo's Fashion Show 2 - Las Cruces) (Version: - Spintop Media, Inc)Jojo's Fashion Show 2 - Las Cruces (HKLM-x32\...\Jojo's Fashion Show 2 - Las Cruces_is1) (Version: 1.0 - MyPlayCity, Inc.)Jojo's Fashion Show 2 Deluxe (HKLM-x32\...\{05331DF6-839A-4C9A-A013-54946E3772B7}_is1) (Version: - RaBBiT)Jojo's Fashion Show 2 Deluxe (HKLM-x32\...\{6AD79F87-DB61-4B04-9BE2-92149A98865E}_is1) (Version: - RaBBiT)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLaunch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.)Living Waterfalls 2 (HKLM-x32\...\{30DCE977-E0F0-41ED-BDEC-CDDB04064D0E}) (Version: 1.0.0.0 - InstallX, LLC) <==== ATTENTIONLost in Reefs (HKLM-x32\...\BFG-Lost in Reefs) (Version: - )Magic Farm (HKLM-x32\...\Magic Farm_is1) (Version: - GamesPub Ltd.)Magic Life (HKLM-x32\...\Magic Life_is1) (Version: - GamesPub Ltd.)Magic Sweets (HKLM-x32\...\Magic Sweets_is1) (Version: - GamesPub Ltd.)Magical Mysteries (HKLM-x32\...\Magical Mysteries_is1) (Version: - GamesPub Ltd.)Megapolis (HKLM-x32\...\Megapolis_is1) (Version: - GamesPub Ltd.)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)Milton Bradley Classic Board Games (HKLM-x32\...\ClassicBoard) (Version: - )Mini Golf 1.0 (HKLM-x32\...\Mini Golf_is1) (Version: - GamesPub Ltd.)Monkey Jump 1.0 (HKLM-x32\...\Monkey Jump_is1) (Version: - GamesPub Ltd.)Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version: - )Mr.Bree Returning Home 1.0 (HKLM-x32\...\Mr.Bree Returning Home_is1) (Version: - GamesPub Ltd.)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Web Search (Webfetti) (HKLM-x32\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTIONMystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) HiddenMyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) HiddenMyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) HiddenMyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) HiddenNamco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) HiddenNexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)Night Before Christmas (HKLM-x32\...\{C3D88AC2-D938-47F2-B76D-BC7308FC2A12}) (Version: 1.0.2 - InstallX, LLC) <==== ATTENTIONNOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)Operation Neptune! (HKLM-x32\...\Onwin32.exe) (Version: - )Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)Ostrich Runner 1.0 (HKLM-x32\...\Ostrich Runner_is1) (Version: - GamesPub Ltd.)PCHealthBoost 2.3.0 (HKLM-x32\...\PCHealthBoost) (Version: 2.3.0 - Boost Software Inc.)PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) HiddenPenguins Arena 1.5 (HKLM-x32\...\Penguins Arena_is1) (Version: - Frogames)Penguins! (x32 Version: 2.2.0.95 - WildTangent) HiddenPiranha Panic Demo (HKLM-x32\...\Piranha Panic Demo) (Version: - )Plant This (HKLM-x32\...\{18987371-41DE-4AC9-A05D-83A3767FADC8}_is1) (Version: - RaBBiT)Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) HiddenPlants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.95 - WildTangent) HiddenProject 64 version 2.0.0.14 (HKLM-x32\...\Project 64_is1) (Version: 2.0.0.14 - )Puzzle and Board XP Championship (HKLM-x32\...\Puzzle and Board XP Championship) (Version: 1.00.07.06.01 - Selectsoft Publishing)Puzzle XP Championship 3000 (HKLM-x32\...\Puzzle XP Championship 3000) (Version: 3.00.06.03.24 - Selectsoft Publishing)Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 3.6 - Razer USA Ltd)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)Richie The Gnome Underground Treasures 1.0 (HKLM-x32\...\Richie The Gnome Underground Treasures_is1) (Version: - GamesPub Ltd.)Ride'Em Low (HKLM-x32\...\{109D28DA-E555-4896-BF22-E312F764562C}_is1) (Version: - Play sp. z o. o.)Rocko Blocko 1.0 (HKLM-x32\...\Rocko Blocko_is1) (Version: - GamesPub Ltd.)SafeSaver 1.74 (HKLM-x32\...\SP_f5d3e0aa) (Version: - ) <==== ATTENTIONScan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) HiddenShared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)Shredder (Version: 2.0.8.7 - Egis Technology Inc.) HiddenShredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) HiddenSky Taxi (HKLM-x32\...\Sky Taxi_is1) (Version: - GamesPub Ltd.)Sky Taxi 2 (HKLM-x32\...\Sky Taxi 2_is1) (Version: - GamesPub Ltd.)Sky Taxi 3 (HKLM-x32\...\Sky Taxi 3_is1) (Version: - GamesPub Ltd.)Sky Track (HKLM-x32\...\Sky Track_is1) (Version: - GamesPub Ltd.)Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)Super Word Games 10,000 (HKLM-x32\...\Super Word Games 10,000) (Version: 1.00.09.07.09 - Selectsoft Publishing)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSystem Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)Taipei Mahjongg 25K (HKLM-x32\...\Taipei Mahjongg 25K) (Version: 1.00.08.03.04 - Selectsoft Publishing)The Cursed Land (HKLM-x32\...\The Cursed Land_is1) (Version: - GamesPub Ltd.)The Warehouse 1.0 (HKLM-x32\...\The Warehouse_is1) (Version: - GamesPub Ltd.)Tikibar 1.0 (HKLM-x32\...\Tikibar_is1) (Version: - GamesPub Ltd.)Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTorchlight (HKLM-x32\...\Runic Games Torchlight) (Version: 1.13 - Encore, Inc., A Navarre Corporation Company.)Torchlight (x32 Version: 2.2.0.95 - WildTangent) HiddenTSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )Turtix (HKLM-x32\...\Turtix1.0) (Version: 1.0 - Foxy Games)Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVacation Quest - Australia (HKLM-x32\...\Vacation Quest - Australia) (Version: - Spintop Media, Inc)VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) HiddenVideo Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTIONVirtual Vegas Slots Bonus (HKLM-x32\...\Virtual Vegas Slots Bonus) (Version: 1.00.07.10.10 - Selectsoft Publishing)Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) HiddenViva Pinata (HKLM-x32\...\InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}) (Version: 1.00.0000 - Microsoft Game Studios:)Viva Pinata (HKLM-x32\...\Viva Pinata_is1) (Version: - )VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Waterfalls 3 Portals 1.0 (HKLM-x32\...\Waterfalls 3 Portals_is1) (Version: - GamesPub Ltd.)Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)WildTangent Games App (x32 Version: 4.0.11.7 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)WinZip Pro 17.5 Build 10480 (64bit) (HKLM\...\WinZip Pro 17.5 Build 10480 (64bit)17.5 Build 10480) (Version: 17.5 Build 10480 - Friends in War)Xilisoft DPG Converter (HKCU\...\Xilisoft DPG Converter) (Version: 7.4.0.20120712 - Xilisoft)Zuma Deluxe (HKLM-x32\...\BFG-Zuma Deluxe) (Version: - )Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)==================== Restore Points =========================29-10-2014 07:08:50 Windows Update29-10-2014 18:21:08 Removed Times Reader==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 21:34 - 2014-10-27 17:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {1B89F03F-ECA8-4E95-9254-9E0515519E7C} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2013-05-07] ()Task: {37C5F2AA-6798-4836-9455-52DCD9467079} - System32\Tasks\PCHB_carol_PCHealthBoost_RM => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {43E1F4CD-4A95-4002-BF69-4DB7E3C75C34} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)Task: {609CFE5B-3DD8-473B-ABAF-4E174FD29C97} - System32\Tasks\AdobeAAMUpdater-1.0-HEATHERLAND-carol => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)Task: {6CA56A4A-1C95-4416-AD65-5417D66B2B24} - System32\Tasks\0 => Iexplore.exe <==== ATTENTIONTask: {880162F7-D9A7-41D2-BD7E-DBF40C9DDE19} - System32\Tasks\4710 => Wscript.exe C:\Users\carol\AppData\Local\Temp\launchie.vbs //B <==== ATTENTIONTask: {A38F420D-C68F-4861-8BE9-C390E2C55567} - System32\Tasks\{12ECEACC-0D89-43D6-A5BD-802A5389BBF8} => Iexplore.exe http://ui.skype.com/ui/0/5.0.0.152.367/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabledTask: {D16A8298-15E5-4E80-9484-5C8E8B2CB4B7} - System32\Tasks\PCHB_carol_PCHealthBoost_RN => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {D80DF6DB-23CF-4B22-BFD4-16B25D093A8D} - System32\Tasks\PCHB_carol_PCHealthBoost_LG => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {E21AB595-1B50-4AAE-A796-B00429EC2646} - System32\Tasks\PCHB_carol_PCHealthBoost_UP => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exeTask: {E5B0A4CC-44EB-41C0-AF5A-592E44837F6F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-23] (AVAST Software)Task: {F1E19BB9-ADED-4BC6-9120-1FF884F4723C} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTIONTask: {FD103F5B-EA18-4E64-9253-EF1D50EC7A07} - System32\Tasks\PCHB_carol_PCHealthBoost_RS => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe==================== Loaded Modules (whitelisted) =============2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2013-05-22 22:09 - 2012-08-01 15:44 - 00139024 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll2009-01-21 18:45 - 2009-01-21 18:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll2012-08-09 15:21 - 2012-08-09 15:21 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2014-10-29 12:55 - 2014-06-03 12:44 - 02252288 _____ () C:\Program Files\Nexus Mod Manager\GameModes\data\boss64.dll2014-10-29 08:33 - 2014-10-29 08:33 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102901\algo.dll2011-02-15 13:37 - 2011-02-15 13:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll2011-02-15 13:36 - 2011-02-15 13:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll2011-02-15 13:37 - 2011-02-15 13:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll2014-10-23 21:05 - 2014-10-23 21:05 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2013-02-07 14:33 - 2013-02-07 14:33 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\99bd60d446f190d3f787f8eb02442187\IsdiInterop.ni.dll2011-04-18 23:22 - 2010-04-13 11:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\ProgramData\Temp:0588E665AlternateDataStreams: C:\ProgramData\Temp:517FAB99AlternateDataStreams: C:\ProgramData\Temp:522EA216AlternateDataStreams: C:\ProgramData\Temp:6D5A15BFAlternateDataStreams: C:\ProgramData\Temp:880F0FEFAlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0AlternateDataStreams: C:\ProgramData\Temp:B12D1A7DAlternateDataStreams: C:\ProgramData\Temp:B7F2E188AlternateDataStreams: C:\ProgramData\Temp:C0DFB793AlternateDataStreams: C:\ProgramData\Temp:D19F6C18AlternateDataStreams: C:\ProgramData\Temp:D2A61C65AlternateDataStreams: C:\ProgramData\Temp:D667795FAlternateDataStreams: C:\ProgramData\Temp:DBAD570FAlternateDataStreams: C:\ProgramData\Temp:F75D000DAlternateDataStreams: C:\ProgramData\Temp:FC2E567F==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)MSCONFIG\Services: Bonjour Service => 2MSCONFIG\Services: DsiWMIService => 2MSCONFIG\Services: FLEXnet Licensing Service => 3MSCONFIG\Services: GamesAppIntegrationService => 3MSCONFIG\Services: GamesAppService => 3MSCONFIG\Services: IDriverT => 3MSCONFIG\Services: MyWebSearchService => 2MSCONFIG\Services: NOBU => 2MSCONFIG\Services: tvnserver => 2========================= Accounts: ==========================Administrator (S-1-5-21-1649277139-1060227582-4263488454-500 - Administrator - Disabled)carol (S-1-5-21-1649277139-1060227582-4263488454-1000 - Administrator - Enabled) => C:\Users\carolGuest (S-1-5-21-1649277139-1060227582-4263488454-501 - Limited - Disabled)==================== Faulty Device Manager Devices =============Name: Ethernet ControllerDescription: Ethernet ControllerClass Guid:Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (10/29/2014 03:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program FRST64.exe version 29.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 13f4Start Time: 01cff3b8a1c8aca6Termination Time: 16Application Path: C:\Users\carol\Desktop\FRST64.exeReport Id:Error: (10/29/2014 00:13:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)Error: (10/29/2014 00:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/29/2014 11:23:24 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program TESV.exe version 1.9.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 1534Start Time: 01cff393aefaa3a9Termination Time: 36Application Path: C:\Program Files (x86)\TSEV Skyrim LE\TESV.exeReport Id:Error: (10/29/2014 11:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/29/2014 11:03:38 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (10/29/2014 00:13:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The BlueStacks Android Service service terminated with the following error:%%1064Error: (10/29/2014 00:11:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater14.2.0 service failed to start due to the following error:%%2Error: (10/29/2014 00:11:37 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 12:09:26 PM on 10/29/2014 was unexpected.Error: (10/29/2014 11:08:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater14.2.0 service failed to start due to the following error:%%2Error: (10/29/2014 11:06:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Windows Update service terminated with the following error:%%-2147467243Error: (10/29/2014 11:03:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The vToolbarUpdater14.2.0 service failed to start due to the following error:%%2Microsoft Office Sessions:=========================Error: (10/29/2014 03:45:59 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: FRST64.exe29.10.2014.013f401cff3b8a1c8aca616C:\Users\carol\Desktop\FRST64.exeError: (10/29/2014 00:13:13 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)Error: (10/29/2014 00:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/29/2014 11:23:24 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: TESV.exe1.9.32.0153401cff393aefaa3a936C:\Program Files (x86)\TSEV Skyrim LE\TESV.exeError: (10/29/2014 11:08:44 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (10/29/2014 11:03:38 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003CodeIntegrity Errors:=================================== Date: 2014-10-27 16:24:18.168 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-27 16:24:18.028 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-18 14:06:32.060 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-18 14:06:31.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:22.668 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:22.545 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:16.923 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:16.804 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:14.804 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system. Date: 2014-09-08 12:12:14.687 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: Intel® Pentium® CPU P6200 @ 2.13GHzPercentage of memory in use: 46%Total physical RAM: 3766.7 MBAvailable physical RAM: 1998.91 MBTotal Pagefile: 7531.59 MBAvailable Pagefile: 3771.04 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB==================== Drives ================================Drive c: (Heather) (Fixed) (Total:447.66 GB) (Free:107.73 GB) NTFSDrive e: (1) (CDROM) (Total:2.24 GB) (Free:0 GB) CDFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8E871886)Partition 1: (Not Active) - (Size=18 GB) - (Type=27)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Naathim Posted October 30, 2014 ID:899104 Share Posted October 30, 2014 There is still plenty to be done here... Uninstall some programsWe need to uninstall some programs.Press the + R on your keyboard at the same time. Type appwiz.cpl and click OK.Search there for each entry mentioned below, right-click the entry and click Uninstall one at a timeThe list of programs to uninstall:Breathtaking Water ScenesFairy ForestInternet Explorer Toolbar 4.7 by SweetPacksLiving Waterfalls 2My Web Search (Webfetti)Night Before ChristmasSafeSaver 1.74Video PlayerPay special attention when uninstalling, some of the programs may have checkboxes that will either install others instead or ask you to leave them installed!After completing uninstalls, please manually reboot your machine! Scan with CKScannerDownload CKScanner by askey127 and save it to your desktop.Right-click on icon and select Run as Administrator to start the tool.click Search For Files.When finished, click Save List To File.Remember to run this tool once only, if not asked to run it again.Please include the content of CKFiles.txt in your next reply. Link to post Share on other sites More sharing options...
h90 Posted October 30, 2014 Author ID:899176 Share Posted October 30, 2014 When trying to uninstall Internet Explorer Toolbar 4.7 by SweetPacks, a window comes up that says The feature you are trying to use is on a network resource that is unavailable. (internet connection is fine) When trying to uninstall My Web Search (Webfetti), it says C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsbar.dll The specified module could not be found. Rebooted my computer but CKScanner keeps saying "not responding" i did run it as administrator...... Link to post Share on other sites More sharing options...
Recommended Posts