Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Adware [Solved]


  • This topic is locked This topic is locked
14 replies to this topic

#1 curlee1982

curlee1982

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 31 December 2014 - 03:38 PM

Need help cleaning all this adware from off my computer! Thanks!

 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-31 14:23:22
-----------------------------
14:23:22.847    OS Version: Windows x64 6.2.9200 
14:23:22.847    Number of processors: 2 586 0x200
14:23:22.863    ComputerName: OURPC  UserName: jimmy
14:23:26.093    Initialize success
14:23:26.252    VM: initialized successfully
14:23:26.283    VM: Amd CPU supported virtualized 
14:23:31.140    AVAST engine defs: 14123100
14:23:40.661    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000026
14:23:40.661    Disk 0 Vendor: WDC_WD5000AAKX-22ERMA0 17.01H17 Size: 476940MB BusType: 11
14:23:40.895    Disk 0 MBR read successfully
14:23:40.895    Disk 0 MBR scan
14:23:40.911    Disk 0 unknown MBR code
14:23:40.926    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:23:41.067    Disk 0 scanning C:\WINDOWS\system32\drivers
14:24:01.867    Service scanning
14:24:28.878    Modules scanning
14:24:28.893    Disk 0 trace - called modules:
14:24:28.925    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys storahci.sys hal.dll 
14:24:29.456    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0000d126770]
14:24:29.487    3 CLASSPNP.SYS[fffff800c9e2d27b] -> nt!IofCallDriver -> \Device\00000026[0xffffe0000d0497f0]
14:24:32.262    AVAST engine scan C:\WINDOWS
14:24:43.437    AVAST engine scan C:\WINDOWS\system32
14:29:07.767    AVAST engine scan C:\WINDOWS\system32\drivers
14:29:27.366    AVAST engine scan C:\Users\jimmy
16:15:46.248    Disk 0 MBR has been saved successfully to "C:\Users\jimmy\Desktop\MBR.dat"
16:15:46.295    The log file has been saved successfully to "C:\Users\jimmy\Desktop\aswMBR.txt"
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by jimmy (administrator) on OURPC on 31-12-2014 16:22:41
Running from C:\Users\jimmy\Desktop
Loaded Profile: jimmy (Available profiles: jimmy & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Torch)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
(SMART Technologies ULC.) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62360 2012-10-24] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2219416 2012-10-24] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [10132336 2012-03-09] (SMART Technologies ULC)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [98200 2012-10-25] (SMART Technologies)
HKLM-x32\...\Run: [Response Desktop Menu] => C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [1990040 2012-10-17] (SMART Technologies ULC)
HKLM-x32\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Run: [Spotify Web Helper] => C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [101272 2014-09-30] (McAfee, Inc.)
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\RunOnce: [Adobe Speed Launcher] => 1419166667
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe [855216 2014-12-09] (Adobe Systems Incorporated)
Startup: C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1271087293-465154865-2948633367-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = web.roblox.com
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=121770732&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=121770732&ir=
SearchScopes: HKU\S-1-5-21-1271087293-465154865-2948633367-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=121770732&ir=
SearchScopes: HKU\S-1-5-21-1271087293-465154865-2948633367-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Vosteran.com/...r=121770732&ir=
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1271087293-465154865-2948633367-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default
FF SearchEngineOrder.1: Secure Search
FF DefaultSearchEngine: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1271087293-465154865-2948633367-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default\user.js
FF SearchPlugin: C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default\searchplugins\Vosteran.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (EnterDigital) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl [2014-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (Google Wallet) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-29] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Response Hardware; C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [19352 2012-10-17] (SMART Technologies ULC)
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-24] (SMART Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 Update EnterDigital; "C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 cricut; C:\Windows\system32\DRIVERS\cricut_x64.sys [72248 2014-12-30] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-09-11] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [16280 2012-10-24] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [15256 2012-10-24] (SMART Technologies)
R3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [24984 2012-10-24] (SMART Technologies ULC)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 {8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64; C:\Windows\System32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64.sys [48784 2014-11-20] (StdLib)
R1 {bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64; C:\Windows\System32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64.sys [48784 2014-11-21] (StdLib)
U3 aswMBR; \??\C:\Users\jimmy\AppData\Local\Temp\aswMBR.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 14:22 - 2014-12-31 14:22 - 05198336 _____ (AVAST Software) C:\Users\jimmy\Downloads\aswMBR (3).exe
2014-12-31 14:01 - 2014-12-31 14:01 - 05198336 _____ (AVAST Software) C:\Users\jimmy\Downloads\aswMBR (2).exe
2014-12-30 12:30 - 2014-12-30 12:30 - 00000000 ____D () C:\Program Files\Provocraft
2014-12-30 12:30 - 2014-12-30 12:25 - 00072248 _____ () C:\WINDOWS\system32\Drivers\cricut_x64.sys
2014-12-30 12:28 - 2014-12-30 12:28 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\com.cricut.Cricut-CraftRoom
2014-12-30 12:27 - 2014-12-30 12:27 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricut-Craft Room.lnk
2014-12-30 12:27 - 2014-12-30 12:27 - 00000980 _____ () C:\Users\Public\Desktop\Cricut-Craft Room.lnk
2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Program Files (x86)\Cricut-Craft Room
2014-12-30 12:24 - 2014-12-30 12:24 - 13202592 _____ () C:\Users\jimmy\Downloads\cricut-craftroom.exe
2014-12-30 12:24 - 2014-12-30 12:24 - 13202592 _____ () C:\Users\jimmy\Downloads\cricut-craftroom (1).exe
2014-12-21 14:04 - 2014-12-21 14:04 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105 (2).AVI
2014-12-21 14:01 - 2014-12-21 14:01 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105 (1).AVI
2014-12-21 14:00 - 2014-12-21 14:00 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105.AVI
2014-12-20 23:37 - 2014-12-20 23:37 - 00014925 ____H () C:\Users\jimmy\Documents\~WRL1169.tmp
2014-12-18 22:00 - 2014-12-18 22:01 - 248306803 _____ () C:\Users\jimmy\Downloads\KSP_demo_win.zip
2014-12-18 05:53 - 2014-09-11 14:33 - 00076064 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2014-12-18 05:52 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-12-17 20:45 - 2014-12-30 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-12-15 18:49 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-15 18:49 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-14 13:43 - 2014-12-18 22:02 - 00000000 ____D () C:\Users\jimmy\Desktop\mods
2014-12-13 09:55 - 2014-12-13 09:55 - 01660981 _____ () C:\Users\jimmy\Downloads\Channel Art Template (Photoshop)
2014-12-12 21:33 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-12 21:33 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 21:28 - 2014-12-12 21:28 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-09 18:52 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-09 18:52 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 18:52 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-09 18:51 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-09 18:31 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-09 18:31 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-09 18:31 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-09 18:31 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-09 18:31 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-09 18:31 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-09 18:31 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-09 18:31 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-09 18:31 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-09 18:31 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-09 18:31 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-09 18:31 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-09 18:31 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-09 18:31 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-09 18:30 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 18:03 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-09 18:03 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-09 18:03 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-09 18:03 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-09 18:03 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-09 18:03 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-09 18:03 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-09 18:03 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-09 18:03 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-09 18:03 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-09 18:03 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-09 18:03 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-09 18:03 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-09 18:03 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-09 18:03 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-09 18:03 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-09 18:03 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-09 18:03 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-09 18:03 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-09 18:03 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-09 18:03 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-09 18:03 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-09 18:03 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-09 18:03 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-09 18:03 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-09 18:03 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-09 18:03 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-09 18:03 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-09 18:03 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-09 18:03 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-09 18:03 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-09 18:03 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-09 18:03 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-09 18:03 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-09 18:03 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-09 18:03 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-09 18:03 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-09 18:03 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-09 18:03 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-08 05:33 - 2014-12-08 05:33 - 14289721 _____ () C:\Users\jimmy\Documents\the nutcracker.notebook
2014-12-08 05:10 - 2014-12-08 05:11 - 07407866 _____ () C:\Users\jimmy\Downloads\Mariisnky - The Nutcracker - Tea (Chinese Dance) - Ovation.flv
2014-12-08 05:00 - 2014-12-08 05:01 - 07548025 _____ () C:\Users\jimmy\Downloads\The Nutcracker - Dance of the Reed Pipes (1).flv
2014-12-08 04:54 - 2014-12-08 04:55 - 07548025 _____ () C:\Users\jimmy\Downloads\The Nutcracker - Dance of the Reed Pipes.flv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-31 16:23 - 2014-11-25 21:22 - 00026494 _____ () C:\Users\jimmy\Desktop\FRST.txt
2014-12-31 16:22 - 2014-10-24 20:58 - 00000000 ____D () C:\FRST
2014-12-31 16:18 - 2014-10-19 21:05 - 01992007 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 16:16 - 2014-10-28 17:13 - 00000000 ____D () C:\Users\jimmy\Desktop\FRST-OlderVersion
2014-12-31 16:16 - 2014-10-24 20:58 - 02123264 _____ (Farbar) C:\Users\jimmy\Desktop\FRST64.exe
2014-12-31 16:15 - 2014-11-25 21:21 - 00003479 _____ () C:\Users\jimmy\Desktop\aswMBR.txt
2014-12-31 16:15 - 2014-10-24 20:57 - 00000512 _____ () C:\Users\jimmy\Desktop\MBR.dat
2014-12-31 16:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-31 14:45 - 2013-03-16 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-31 14:12 - 2014-05-07 13:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2.job
2014-12-31 13:59 - 2013-03-11 00:06 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Spotify
2014-12-31 13:59 - 2013-03-11 00:06 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Spotify
2014-12-31 12:12 - 2013-12-15 20:16 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 12:04 - 2014-10-20 17:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9791AE5-E39C-4E49-8217-4386C0483A75}
2014-12-30 22:34 - 2013-02-22 17:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1271087293-465154865-2948633367-1002
2014-12-30 12:28 - 2013-03-27 13:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-30 12:27 - 2013-03-27 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-30 12:26 - 2013-02-21 21:21 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Adobe
2014-12-30 12:25 - 2013-03-27 13:17 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Adobe
2014-12-29 17:38 - 2014-10-21 20:40 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Deployment
2014-12-27 05:57 - 2014-10-24 21:28 - 00234496 ___SH () C:\Users\jimmy\Desktop\Thumbs.db
2014-12-26 17:25 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-26 07:15 - 2013-02-25 21:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-26 07:15 - 2013-02-25 21:31 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-26 07:14 - 2013-03-01 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-26 07:14 - 2013-02-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-26 07:13 - 2014-07-15 11:57 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-25 22:11 - 2013-03-24 12:33 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Audacity
2014-12-25 20:43 - 2014-06-27 16:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-25 13:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-21 07:58 - 2013-12-07 15:51 - 00000000 __RSD () C:\Users\jimmy\Documents\McAfee Vaults
2014-12-21 07:55 - 2014-10-19 21:14 - 00000000 ____D () C:\Users\jimmy
2014-12-21 07:53 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-18 06:04 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 05:51 - 2013-12-07 15:39 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-12-18 05:50 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-18 05:48 - 2013-12-07 15:39 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-17 17:15 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-14 13:42 - 2013-11-21 20:01 - 00000000 ____D () C:\Users\jimmy\Desktop\YouTube
2014-12-13 22:02 - 2014-09-08 05:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 22:02 - 2014-09-08 05:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 14:07 - 2014-10-24 20:13 - 00341504 ___SH () C:\Users\jimmy\Downloads\Thumbs.db
2014-12-13 14:02 - 2013-08-07 12:57 - 00000000 ____D () C:\Users\jimmy\Desktop\StaffWars22XP
2014-12-13 14:01 - 2013-11-21 20:01 - 00000000 ____D () C:\Users\jimmy\Desktop\pb
2014-12-13 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-13 08:11 - 2014-09-08 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-12 21:57 - 2013-03-27 13:10 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-12 21:31 - 2014-09-24 02:03 - 00110642 _____ () C:\WINDOWS\PFRO.log
2014-12-12 21:30 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-12 21:28 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-12 11:30 - 2013-12-15 20:17 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-09 20:10 - 2013-02-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 19:59 - 2013-08-24 19:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-09 19:42 - 2013-02-22 23:11 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 17:45 - 2013-03-16 08:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-02 21:01 - 2013-12-30 12:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-02 05:28 - 2013-03-16 08:22 - 00000000 ____D () C:\ProgramData\FLEXnet
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-30 06:34
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by jimmy at 2014-12-31 16:26:30
Running from C:\Users\jimmy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ableton Live 9 Trial (HKLM-x32\...\{A29BB48D-59ED-411C-AB20-3FA488D08161}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-187 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (x32 Version: 1.0.187 - Provo Craft & Novelty, Inc.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
DC Universe Online (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
DC Universe Online Live (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free YouTube Downloader 3.5.181 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Game Channels (x32 Version: 7.1.0.17 - WildTangent, Inc.) Hidden
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Hunting Unlimited 2010 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hunting Unlimited 2011 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft Packages (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Minecraft Packages) (Version:  - ) <==== ATTENTION
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
PCBooster (HKLM-x32\...\{AF0EAAE6-B2E2-48E7-8A74-0A0F909CE382}) (Version: 1.0.0 - Portable Booster) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.34.1 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}) (Version: 1.1.233.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}) (Version: 11.0.705.1 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}) (Version: 11.0.510.2 - SMART Technologies ULC)
SMART Response Software (HKLM-x32\...\{02885557-ACA5-4B6F-85D2-3F1A9B8580F5}) (Version: 4.0.450.1 - SMART Technologies ULC)
SMART Sync Teacher (HKLM-x32\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Unity Web Player (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.9 - WildTangent) Hidden
Wondershare Video Editor(Build 4.5.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1271087293-465154865-2948633367-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jimmy\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\RobloxProxy64.dll No File
 
==================== Restore Points  =========================
 
13-12-2014 08:05:10 Windows Update
18-12-2014 06:02:20 Windows Update
25-12-2014 13:26:05 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-11-21 21:53 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {066D7012-D626-4B3A-88A4-2EFF2BE832ED} - System32\Tasks\{1B5A351E-6456-4DCD-9137-9C2476C8113D} => pcalua.exe -a "C:\Users\jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2C8RVGXX\cda-to-mp3-converter.exe" -d C:\Users\jimmy\Desktop
Task: {360A0CDF-FE35-4A24-8D14-560A1196F977} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
Task: {408DBE6A-D817-4107-8EAD-08D1427CBDDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {55FB2DED-03A4-4D80-9060-C7F5BB981BEE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {644CD833-9DCE-42EC-9DCA-A4DBAEBFE5E7} - \boosterpop No Task File <==== ATTENTION
Task: {691C5007-EADB-411E-A1C3-D155647E5129} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {69A79124-8170-4D64-B9F3-3F8F85126E0A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {6C486CAD-5C9D-410A-80E5-5BA22409EA21} - System32\Tasks\{AB7133B4-07D0-495A-A9A6-C71305016BB2} => pcalua.exe -a C:\Users\jimmy\Downloads\kremove.exe -d C:\Users\jimmy\Downloads
Task: {7BCEE7E0-3516-426C-979F-50EC2EE001B0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
Task: {83D19DC0-FBCD-4324-B710-A40A48E9C9F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {8BBB856F-24E0-41A8-8297-EEB1825C9FC1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {8EA43C2D-1C36-4648-8A81-D6A27EB6A0F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
Task: {90FA3452-9D0D-4E28-AB4F-438CDD128B8D} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {A0772BF0-15D3-43E1-833D-676DD0FA37AD} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {AA4C659F-5A11-4E0A-A27A-0A7D56D5491E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C75750FE-9491-4958-B769-0FE29B4F5BED} - System32\Tasks\{89CD0DFD-7378-404D-BAED-78521FB39DF9} => pcalua.exe -a "C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online\Uninstaller.exe"
Task: {D61D7859-723F-44DC-AC2C-7413E2995BD0} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {D8FF2921-9A51-42DB-BA52-C2C4DDAA65E4} - System32\Tasks\{590EA461-2B48-470E-A64E-A8F7E95B5972} => pcalua.exe -a C:\Users\jimmy\AppData\Roaming\IMVUClient\Uninstall.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-27 16:50 - 2012-03-27 22:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-04 20:33 - 2014-07-04 20:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-10-21 18:48 - 2014-10-21 18:48 - 00072192 _____ () C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
2014-08-04 17:03 - 2014-08-04 17:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-12-20 18:31 - 2014-12-20 18:31 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122001\algo.dll
2014-12-31 03:03 - 2014-12-31 03:03 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123100\algo.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 00022440 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 00054184 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 00053680 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 02296736 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_none_421d23a1fa0a055d\QtCore4.dll
2014-10-19 21:30 - 2014-10-19 21:30 - 02364840 _____ () C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.1.1_9ca15c999435ee05_1.0.1.0_none_1bed397492abdaf4\xqilla-vc100-1_0.dll
2014-10-19 21:30 - 2014-10-19 21:30 - 00066976 _____ () C:\WINDOWS\WinSxS\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 02310056 _____ () C:\WINDOWS\WinSxS\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 00145328 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
2014-10-19 21:31 - 2014-10-19 21:31 - 00051120 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
2012-10-17 07:40 - 2012-10-17 07:40 - 00454656 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2012-10-17 07:40 - 2012-10-17 07:40 - 00030208 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2014-10-19 21:32 - 2014-10-19 21:32 - 07546272 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.5_9ca15c999435ee05_1.0.1.0_none_4232c379f9f9cd7b\QtGui4.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 02027424 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.5_9ca15c999435ee05_1.0.1.0_none_4232c379f9f9cd7b\QtCore4.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 00524712 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_regex.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_cae4ebd2526cf46f\boost_regex-vc100-mt-1_44.dll
2012-10-24 13:11 - 2012-10-24 13:11 - 01435544 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\activation2.dll
2014-10-19 21:30 - 2014-10-19 21:30 - 02996648 _____ () C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.2.1_9ca15c999435ee05_1.0.1.0_none_1bed22ac92abf495\xqilla21.dll
2011-06-22 07:19 - 2011-06-22 07:19 - 00070656 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\libLogger-vc100-2_0.dll
2014-08-04 17:03 - 2014-08-04 17:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-26 20:30 - 2014-07-09 11:01 - 01459712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-26 20:30 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-10-19 21:32 - 2014-10-19 21:32 - 01030048 _____ () C:\WINDOWS\WinSxS\x86_smarttech.js.vc70.1.8_37a8c5fef6a21868_1.0.2.1_none_e909cd048128eadf\js32.dll
2012-10-24 13:11 - 2012-10-24 13:11 - 00466840 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\ziparchive-vc100-3_1_1a.dll
2014-10-26 17:22 - 2014-10-26 17:22 - 00334848 _____ () C:\Users\jimmy\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\CLR_v4.0_32\NativeImages\AmazonForWi3a7c204a#\9fd3d15d3d76ee96d7a68bfd4e6e2875\AmazonForWindowsWebview.ni.exe
2014-10-23 14:47 - 2014-10-23 14:47 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
2014-10-23 14:47 - 2014-10-23 14:47 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2014-10-26 17:22 - 2014-10-26 17:22 - 00378368 _____ () C:\Users\jimmy\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\CLR_v4.0_32\NativeImages\Helper\8400bacf703fbe932482c715b8a4a2f5\Helper.ni.dll
2014-10-23 14:47 - 2014-10-23 14:47 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
2014-10-23 14:47 - 2014-10-23 14:47 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
2014-10-23 14:47 - 2014-10-23 14:47 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
2014-10-23 14:47 - 2014-10-23 14:47 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2014-12-22 17:27 - 2014-12-22 17:27 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
2014-10-23 14:47 - 2014-10-23 14:47 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
2014-12-22 17:28 - 2014-12-22 17:28 - 00869888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Web\e80741874129b38ff4bc85abedf8e4a2\Windows.Web.ni.dll
2014-12-12 11:28 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 11:28 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 11:28 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 11:28 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 11:28 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1271087293-465154865-2948633367-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1271087293-465154865-2948633367-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1271087293-465154865-2948633367-1004 - Limited - Enabled)
jimmy (S-1-5-21-1271087293-465154865-2948633367-1002 - Administrator - Enabled) => C:\Users\jimmy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/31/2014 01:50:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3563
 
Error: (12/31/2014 01:50:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3563
 
Error: (12/31/2014 01:50:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/31/2014 01:50:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1844
 
Error: (12/31/2014 01:50:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1844
 
Error: (12/31/2014 01:50:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/31/2014 01:29:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Faulting module name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Exception code: 0xc0000005
Fault offset: 0x000063c3
Faulting process id: 0x18ec
Faulting application start time: 0xSpotifyWebHelper.exe0
Faulting application path: SpotifyWebHelper.exe1
Faulting module path: SpotifyWebHelper.exe2
Report Id: SpotifyWebHelper.exe3
Faulting package full name: SpotifyWebHelper.exe4
Faulting package-relative application ID: SpotifyWebHelper.exe5
 
Error: (12/31/2014 01:16:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5734
 
Error: (12/31/2014 01:16:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5734
 
Error: (12/31/2014 01:16:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (12/31/2014 03:09:15 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/31/2014 03:08:45 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/30/2014 06:34:39 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/30/2014 06:34:09 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/30/2014 06:31:38 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/29/2014 09:32:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.3.
The computer with the IP address 192.168.1.7 did not allow the name to be claimed by
this computer.
 
Error: (12/29/2014 04:34:03 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/29/2014 04:33:23 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/29/2014 04:13:14 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (12/28/2014 07:50:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
 
Microsoft Office Sessions:
=========================
Error: (12/31/2014 01:50:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3563
 
Error: (12/31/2014 01:50:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3563
 
Error: (12/31/2014 01:50:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/31/2014 01:50:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1844
 
Error: (12/31/2014 01:50:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1844
 
Error: (12/31/2014 01:50:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/31/2014 01:29:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75SpotifyWebHelper.exe0.9.15.2754803b75c0000005000063c318ec01d02315a7d58335C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exef61122dd-911a-11e4-bf8f-eca86baeef58
 
Error: (12/31/2014 01:16:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5734
 
Error: (12/31/2014 01:16:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5734
 
Error: (12/31/2014 01:16:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 63%
Total physical RAM: 3810.07 MB
Available physical RAM: 1386.83 MB
Total Pagefile: 5897.71 MB
Available Pagefile: 1414.66 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:446.51 GB) (Free:316.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 70D4E092)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 31 December 2014 - 06:26 PM

:welcome:

 

Your infected with Vosteran , lets do this

 

 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  to your desktop. 
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM203_zps0a230260.jpg
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<------------
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished click on VIEW DETAILED LOG
  • When it opens click on COPY TO CLIPBOARD
  • Then paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 curlee1982

    curlee1982

      Authentic Member

    • Authentic Member
    • PipPip
    • 22 posts

    Posted 01 January 2015 - 10:18 AM

    Here are the logs you requested.

     

    # AdwCleaner v4.106 - Report created 01/01/2015 at 09:11:06
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-30.1 [Live]
    # Operating System : Windows 8.1  (64 bits)
    # Username : jimmy - OURPC
    # Running from : C:\Users\jimmy\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
    Service Deleted : {8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64
    Service Deleted : {bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\Program Files (x86)\EnterDigital
    Folder Deleted : C:\Users\jimmy\AppData\Local\Temp\EnterDigital
    Folder Deleted : C:\Users\jimmy\AppData\Local\Gameo
    Folder Deleted : C:\Users\jimmy\AppData\Roaming\Gameo
    Folder Deleted : C:\Users\jimmy\AppData\Roaming\WSE_Vosteran
    File Deleted : C:\WINDOWS\System32\drivers\{8ca7f150-5454-4b4c-9537-1b831c71d329}Gw64.sys
    File Deleted : C:\WINDOWS\System32\drivers\{bf07813e-aac8-4cea-bf69-7178c16076ac}Gw64.sys
    File Deleted : C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default\user.js
    File Deleted : C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default\searchplugins\Vosteran.xml
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage
    File Deleted : C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\gameo
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17416
     
     
    -\\ Mozilla Firefox v34.0.5 (x86 en-US)
     
    [l8b5k1dm.default\prefs.js] - Line Deleted : user_pref("CT3317127_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1395695113407,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
     
    -\\ Google Chrome v39.0.2171.95
     
    [C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mowersdirect.com/search-results.php?cx=017424973013417816314%3Apckaiqvyyhw&cof=FORID%3A10&ie=UTF-8&q={searchTerms}&x=0&y=0
    [C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0A0E0E0FyDzztBtAzy0FtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByEzy0EyD0DyE0BtGyBtAtByDtG0C0AtCyDtGyCtC0CtBtGtAtC0Azy0BtB0Dzy0B0E0BtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtBzyyCyC0CzztGtBtD0E0AtGyE0E0AtCtGzzzztAzztG0Dzy0AtBzyzz0F0D0E0A0E0F2Q&cr=121770732&ir=
    [C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggbg_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0E0C0AzzyC0B0A0E0E0FyDzztBtAzy0FtN0D0Tzu0StCtDyDyEtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByEzy0EyD0DyE0BtGyBtAtByDtG0C0AtCyDtGyCtC0CtBtGtAtC0Azy0BtB0Dzy0B0E0BtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtAtBzyyCyC0CzztGtBtD0E0AtGyE0E0AtCtGzzzztAzztG0Dzy0AtBzyzz0F0D0E0A0E0F2Q&cr=121770732&ir=
     
    *************************
     
    AdwCleaner[R0].txt - [5385 octets] - [26/10/2014 16:19:01]
    AdwCleaner[R1].txt - [7188 octets] - [01/01/2015 09:02:14]
    AdwCleaner[S0].txt - [5345 octets] - [26/10/2014 16:33:19]
    AdwCleaner[S1].txt - [7001 octets] - [01/01/2015 09:11:06]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7061 octets] ##########
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 8.1 x64
    Ran by jimmy on Thu 01/01/2015 at  9:32:24.49
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] "C:\Users\jimmy\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\jimmy\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\jimmy\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\jimmy\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\jimmy\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\jimmy\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\instashare"
     
     
     
    ~~~ FireFox
     
    Successfully deleted: [Folder] C:\Users\jimmy\AppData\Roaming\mozilla\firefox\profiles\l8b5k1dm.default\extensions\staged
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/01/2015 at  9:55:00.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 1/1/2015
    Scan Time: 10:03:27 AM
    Logfile: malwarelog.txt
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.01.01.02
    Rootkit Database: v2014.12.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: jimmy
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 420321
    Time Elapsed: 55 min, 44 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 1
    PUP.Optional.EnterDigital.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update EnterDigital, , [4de9c032cdbc290da28f9d475fa5946c], 
     
    Registry Values: 1
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, , [e84e0ae8cbbedd591582b53017ede21e]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 8
    PUP.Optional.InstallCore, C:\Users\jimmy\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z\Minecraft Packages\uninstaller.exe, , [0b2b48aa2267082eb9b318ebc43e8977], 
    PUP.Optional.InstallCore, C:\Users\jimmy\AppData\Local\Temp\466750.Uninstall\uninstaller.exe, , [7db9d41eb2d791a5a7c516edd230a35d], 
    PUP.Optional.BPlug, C:\Users\jimmy\AppData\Local\Temp\is1488139799\147F230B_stp.EXE, , [290d9959d5b4e35387c6ac1e9e63d927], 
    PUP.Optional.InstallCore, C:\Users\jimmy\AppData\Local\Temp\is1488139799\5D4B7A38_stp\uninstaller.exe, , [a5913ab8cbbeb6803834fd0616ec4db3], 
    PUP.Optional.BoostSaves.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, , [56e0985a6f1ade58b7cd0162fa092bd5], 
    PUP.Optional.BoostSaves.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, , [d95d8072870215213e46bba81be81de3], 
    PUP.Optional.Boost.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, , [5bdbac460089d75f39978feee61d36ca], 
    PUP.Optional.Boost.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, , [3cfa955d89006acc547c18651ae99e62], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     


    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 01 January 2015 - 10:48 AM

    Make sure you followed the directions for Malwarebytes and had it remove all those bad entries, if not run it again and make sure all those are quarantined

     

    Then run a new scan with FRST.....be sure to checkmark Additions and post both new logs please



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 curlee1982

    curlee1982

      Authentic Member

    • Authentic Member
    • PipPip
    • 22 posts

    Posted 01 January 2015 - 08:36 PM

    OK I hope I got Malware right this time. It wouldn't let me highlight quarantine from the advanced settings so I quarantined them at the end of the scan. Here are the new logs.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 1/1/2015
    Scan Time: 10:03:27 AM
    Logfile: malwarelog.txt
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.01.01.02
    Rootkit Database: v2014.12.30.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: jimmy
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 420321
    Time Elapsed: 55 min, 44 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 1
    PUP.Optional.EnterDigital.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update EnterDigital, , [4de9c032cdbc290da28f9d475fa5946c], 
     
    Registry Values: 1
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, , [e84e0ae8cbbedd591582b53017ede21e]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 8
    PUP.Optional.InstallCore, C:\Users\jimmy\AppData\Roaming\1H1Q1V0B1L1G1N1V0M1P1Q1L1T0D1P1E2Z\Minecraft Packages\uninstaller.exe, , [0b2b48aa2267082eb9b318ebc43e8977], 
    PUP.Optional.InstallCore, C:\Users\jimmy\AppData\Local\Temp\466750.Uninstall\uninstaller.exe, , [7db9d41eb2d791a5a7c516edd230a35d], 
    PUP.Optional.BPlug, C:\Users\jimmy\AppData\Local\Temp\is1488139799\147F230B_stp.EXE, , [290d9959d5b4e35387c6ac1e9e63d927], 
    PUP.Optional.InstallCore, C:\Users\jimmy\AppData\Local\Temp\is1488139799\5D4B7A38_stp\uninstaller.exe, , [a5913ab8cbbeb6803834fd0616ec4db3], 
    PUP.Optional.BoostSaves.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, , [56e0985a6f1ade58b7cd0162fa092bd5], 
    PUP.Optional.BoostSaves.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, , [d95d8072870215213e46bba81be81de3], 
    PUP.Optional.Boost.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, , [5bdbac460089d75f39978feee61d36ca], 
    PUP.Optional.Boost.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, , [3cfa955d89006acc547c18651ae99e62], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
    Ran by jimmy (administrator) on OURPC on 01-01-2015 21:20:02
    Running from C:\Users\jimmy\Desktop
    Loaded Profile: jimmy (Available profiles: jimmy & Administrator)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Torch)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Spotify Ltd) C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    (Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
    (SMART Technologies ULC.) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62360 2012-10-24] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2219416 2012-10-24] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [10132336 2012-03-09] (SMART Technologies ULC)
    HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [98200 2012-10-25] (SMART Technologies)
    HKLM-x32\...\Run: [Response Desktop Menu] => C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [1990040 2012-10-17] (SMART Technologies ULC)
    HKLM-x32\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Run: [Spotify Web Helper] => C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [101272 2014-09-30] (McAfee, Inc.)
    Startup: C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-1271087293-465154865-2948633367-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = web.roblox.com
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
    BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM-x32 - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKU\S-1-5-21-1271087293-465154865-2948633367-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
    DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default
    FF SearchEngineOrder.1: Secure Search
    FF DefaultSearchEngine: Secure Search
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1271087293-465154865-2948633367-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-30]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-07]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (EnterDigital) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl [2014-11-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
    CHR Extension: (Google Wallet) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-29] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
    R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
    R2 Response Hardware; C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [19352 2012-10-17] (SMART Technologies ULC)
    R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-24] (SMART Technologies)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
    S3 cricut; C:\Windows\system32\DRIVERS\cricut_x64.sys [72248 2014-12-30] ()
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-09-11] (McAfee, Inc.)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
    R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
    R3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [16280 2012-10-24] (SMART Technologies)
    R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [15256 2012-10-24] (SMART Technologies)
    R3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [24984 2012-10-24] (SMART Technologies ULC)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-01 12:38 - 2015-01-01 12:39 - 00004252 _____ () C:\Users\jimmy\Documents\The_Lord_Never_Closes_His_Eyes.mscz
    2015-01-01 09:57 - 2015-01-01 09:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jimmy\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-01 09:55 - 2015-01-01 09:55 - 00001742 _____ () C:\Users\jimmy\Desktop\JRT.txt
    2015-01-01 09:28 - 2015-01-01 09:28 - 01707939 _____ (Thisisu) C:\Users\jimmy\Downloads\JRT (2).exe
    2015-01-01 09:26 - 2015-01-01 09:26 - 01707939 _____ (Thisisu) C:\Users\jimmy\Downloads\JRT (1).exe
    2015-01-01 09:23 - 2015-01-01 09:23 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-01-01 09:16 - 2015-01-01 09:16 - 00007161 _____ () C:\Users\jimmy\Desktop\AdwCleaner[S1].txt
    2015-01-01 09:01 - 2015-01-01 09:01 - 02173952 _____ () C:\Users\jimmy\Downloads\AdwCleaner.exe
    2014-12-31 16:26 - 2014-12-31 16:37 - 00033692 _____ () C:\Users\jimmy\Desktop\Addition.txt
    2014-12-31 14:22 - 2014-12-31 14:22 - 05198336 _____ (AVAST Software) C:\Users\jimmy\Downloads\aswMBR (3).exe
    2014-12-31 14:01 - 2014-12-31 14:01 - 05198336 _____ (AVAST Software) C:\Users\jimmy\Downloads\aswMBR (2).exe
    2014-12-30 12:30 - 2014-12-30 12:30 - 00000000 ____D () C:\Program Files\Provocraft
    2014-12-30 12:30 - 2014-12-30 12:25 - 00072248 _____ () C:\WINDOWS\system32\Drivers\cricut_x64.sys
    2014-12-30 12:28 - 2014-12-30 12:28 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\com.cricut.Cricut-CraftRoom
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricut-Craft Room.lnk
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000980 _____ () C:\Users\Public\Desktop\Cricut-Craft Room.lnk
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Program Files (x86)\Cricut-Craft Room
    2014-12-30 12:24 - 2014-12-30 12:24 - 13202592 _____ () C:\Users\jimmy\Downloads\cricut-craftroom.exe
    2014-12-30 12:24 - 2014-12-30 12:24 - 13202592 _____ () C:\Users\jimmy\Downloads\cricut-craftroom (1).exe
    2014-12-21 14:04 - 2014-12-21 14:04 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105 (2).AVI
    2014-12-21 14:01 - 2014-12-21 14:01 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105 (1).AVI
    2014-12-21 14:00 - 2014-12-21 14:00 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105.AVI
    2014-12-20 23:37 - 2014-12-20 23:37 - 00014925 ____H () C:\Users\jimmy\Documents\~WRL1169.tmp
    2014-12-18 22:00 - 2014-12-18 22:01 - 248306803 _____ () C:\Users\jimmy\Downloads\KSP_demo_win.zip
    2014-12-18 05:53 - 2014-09-11 14:33 - 00076064 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
    2014-12-18 05:52 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
    2014-12-17 20:45 - 2015-01-01 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-12-15 18:49 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2014-12-15 18:49 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2014-12-14 13:43 - 2014-12-18 22:02 - 00000000 ____D () C:\Users\jimmy\Desktop\mods
    2014-12-13 09:55 - 2014-12-13 09:55 - 01660981 _____ () C:\Users\jimmy\Downloads\Channel Art Template (Photoshop)
    2014-12-12 21:33 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-12-12 21:33 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-12 21:28 - 2014-12-12 21:28 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2014-12-09 18:52 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
    2014-12-09 18:52 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
    2014-12-09 18:52 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2014-12-09 18:51 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2014-12-09 18:31 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-12-09 18:31 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-12-09 18:31 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2014-12-09 18:31 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2014-12-09 18:31 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-12-09 18:31 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-12-09 18:31 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2014-12-09 18:31 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2014-12-09 18:31 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2014-12-09 18:30 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2014-12-09 18:03 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-12-09 18:03 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-12-09 18:03 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-12-09 18:03 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2014-12-09 18:03 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-12-09 18:03 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-12-09 18:03 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-12-09 18:03 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-12-09 18:03 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-12-09 18:03 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-12-09 18:03 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2014-12-09 18:03 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2014-12-09 18:03 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-12-09 18:03 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-12-09 18:03 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-12-09 18:03 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2014-12-09 18:03 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-12-09 18:03 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2014-12-09 18:03 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-12-09 18:03 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-12-09 18:03 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-12-09 18:03 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-12-09 18:03 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-12-09 18:03 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-12-09 18:03 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2014-12-09 18:03 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-12-09 18:03 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-12-09 18:03 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2014-12-09 18:03 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-12-09 18:03 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2014-12-09 18:03 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-12-09 18:03 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-12-09 18:03 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-12-09 18:03 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-12-09 18:03 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-12-09 18:03 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-12-09 18:03 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-12-09 18:03 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-12-09 18:03 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-12-08 05:33 - 2014-12-08 05:33 - 14289721 _____ () C:\Users\jimmy\Documents\the nutcracker.notebook
    2014-12-08 05:10 - 2014-12-08 05:11 - 07407866 _____ () C:\Users\jimmy\Downloads\Mariisnky - The Nutcracker - Tea (Chinese Dance) - Ovation.flv
    2014-12-08 05:00 - 2014-12-08 05:01 - 07548025 _____ () C:\Users\jimmy\Downloads\The Nutcracker - Dance of the Reed Pipes (1).flv
    2014-12-08 04:54 - 2014-12-08 04:55 - 07548025 _____ () C:\Users\jimmy\Downloads\The Nutcracker - Dance of the Reed Pipes.flv
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-01 21:24 - 2014-11-25 21:22 - 00021746 _____ () C:\Users\jimmy\Desktop\FRST.txt
    2015-01-01 21:24 - 2013-02-22 17:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1271087293-465154865-2948633367-1002
    2015-01-01 21:21 - 2013-12-07 15:51 - 00000000 __RSD () C:\Users\jimmy\Documents\McAfee Vaults
    2015-01-01 21:20 - 2014-10-24 20:58 - 00000000 ____D () C:\FRST
    2015-01-01 21:19 - 2013-12-15 20:16 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-01 21:18 - 2014-09-24 02:03 - 00113722 _____ () C:\WINDOWS\PFRO.log
    2015-01-01 21:18 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-01 21:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-01-01 21:12 - 2014-05-07 13:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2.job
    2015-01-01 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-01 20:45 - 2013-03-16 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-01 20:09 - 2014-10-20 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-01 19:54 - 2014-10-20 17:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9791AE5-E39C-4E49-8217-4386C0483A75}
    2015-01-01 18:07 - 2014-10-19 21:05 - 01083304 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-01 17:45 - 2013-12-30 12:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-01-01 17:43 - 2014-10-19 21:14 - 00000000 ____D () C:\Users\jimmy
    2015-01-01 13:35 - 2014-08-26 20:27 - 00000000 ____D () C:\Users\jimmy\Documents\Wondershare Video Editor
    2015-01-01 13:19 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-01-01 10:00 - 2014-10-20 18:07 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-01 10:00 - 2014-10-20 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-01 10:00 - 2014-10-20 18:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-01 09:14 - 2013-02-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-01 09:11 - 2014-10-26 16:12 - 00000000 ____D () C:\AdwCleaner
    2015-01-01 07:54 - 2014-10-21 20:40 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Deployment
    2015-01-01 07:50 - 2014-10-24 20:13 - 00381952 ___SH () C:\Users\jimmy\Downloads\Thumbs.db
    2014-12-31 20:41 - 2014-10-24 21:28 - 00234496 ___SH () C:\Users\jimmy\Desktop\Thumbs.db
    2014-12-31 20:39 - 2014-10-24 20:13 - 00152576 ___SH () C:\Users\jimmy\Documents\Thumbs.db
    2014-12-31 19:59 - 2014-06-27 16:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
    2014-12-31 16:16 - 2014-10-28 17:13 - 00000000 ____D () C:\Users\jimmy\Desktop\FRST-OlderVersion
    2014-12-31 16:16 - 2014-10-24 20:58 - 02123264 _____ (Farbar) C:\Users\jimmy\Desktop\FRST64.exe
    2014-12-31 16:15 - 2014-11-25 21:21 - 00003479 _____ () C:\Users\jimmy\Desktop\aswMBR.txt
    2014-12-31 16:15 - 2014-10-24 20:57 - 00000512 _____ () C:\Users\jimmy\Desktop\MBR.dat
    2014-12-31 13:59 - 2013-03-11 00:06 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Spotify
    2014-12-31 13:59 - 2013-03-11 00:06 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Spotify
    2014-12-30 12:28 - 2013-03-27 13:08 - 00000000 ____D () C:\ProgramData\Adobe
    2014-12-30 12:27 - 2013-03-27 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-12-30 12:26 - 2013-02-21 21:21 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Adobe
    2014-12-30 12:25 - 2013-03-27 13:17 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Adobe
    2014-12-26 17:25 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-12-26 07:15 - 2013-02-25 21:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-12-26 07:15 - 2013-02-25 21:31 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-12-26 07:14 - 2013-03-01 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-26 07:13 - 2014-07-15 11:57 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-25 22:11 - 2013-03-24 12:33 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Audacity
    2014-12-25 13:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-12-18 06:04 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-12-18 05:51 - 2013-12-07 15:39 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-12-18 05:50 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
    2014-12-18 05:48 - 2013-12-07 15:39 - 00000000 ____D () C:\ProgramData\McAfee
    2014-12-14 13:42 - 2013-11-21 20:01 - 00000000 ____D () C:\Users\jimmy\Desktop\YouTube
    2014-12-13 22:02 - 2014-09-08 05:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-13 22:02 - 2014-09-08 05:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-13 14:02 - 2013-08-07 12:57 - 00000000 ____D () C:\Users\jimmy\Desktop\StaffWars22XP
    2014-12-13 14:01 - 2013-11-21 20:01 - 00000000 ____D () C:\Users\jimmy\Desktop\pb
    2014-12-13 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-12-13 08:11 - 2014-09-08 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-12 21:57 - 2013-03-27 13:10 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-12 21:28 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
    2014-12-12 11:30 - 2013-12-15 20:17 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-09 20:10 - 2013-02-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-09 19:59 - 2013-08-24 19:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-09 19:42 - 2013-02-22 23:11 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-09 17:45 - 2013-03-16 08:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-12-02 05:28 - 2013-03-16 08:22 - 00000000 ____D () C:\ProgramData\FLEXnet
     
    Some content of TEMP:
    ====================
    C:\Users\jimmy\AppData\Local\Temp\Quarantine.exe
    C:\Users\jimmy\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-01 18:20
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
    Ran by jimmy at 2015-01-01 21:25:16
    Running from C:\Users\jimmy\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Ableton Live 9 Trial (HKLM-x32\...\{A29BB48D-59ED-411C-AB20-3FA488D08161}) (Version: 9.0.0.0 - Ableton)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
    Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
    Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
    Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
    Cricut Craft Room® (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-187 - Provo Craft & Novelty, Inc.)
    Cricut Craft Room® (x32 Version: 1.0.187 - Provo Craft & Novelty, Inc.) Hidden
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
    DC Universe Online (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
    DC Universe Online Live (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Free YouTube Downloader 3.5.181 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
    Game Channels (x32 Version: 7.1.0.17 - WildTangent, Inc.) Hidden
    Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
    Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
    Hunting Unlimited 2010 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hunting Unlimited 2011 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
    McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
    McAfee Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft Packages (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Minecraft Packages) (Version:  - ) <==== ATTENTION
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
    Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    PCBooster (HKLM-x32\...\{AF0EAAE6-B2E2-48E7-8A74-0A0F909CE382}) (Version: 1.0.0 - Portable Booster) <==== ATTENTION
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
    Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
    Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.34.1 - SMART Technologies ULC)
    SMART Ink (HKLM-x32\...\{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}) (Version: 1.1.233.0 - SMART Technologies ULC)
    SMART Notebook (HKLM-x32\...\{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}) (Version: 11.0.705.1 - SMART Technologies ULC)
    SMART Product Drivers (HKLM-x32\...\{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}) (Version: 11.0.510.2 - SMART Technologies ULC)
    SMART Response Software (HKLM-x32\...\{02885557-ACA5-4B6F-85D2-3F1A9B8580F5}) (Version: 4.0.450.1 - SMART Technologies ULC)
    SMART Sync Teacher (HKLM-x32\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Unity Web Player (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.11.9 - WildTangent) Hidden
    Wondershare Video Editor(Build 4.5.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1271087293-465154865-2948633367-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jimmy\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\RobloxProxy64.dll No File
     
    ==================== Restore Points  =========================
     
    18-12-2014 06:02:20 Windows Update
    25-12-2014 13:26:05 Scheduled Checkpoint
    01-01-2015 18:14:13 Scheduled Checkpoint
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 08:25 - 2014-11-21 21:53 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {066D7012-D626-4B3A-88A4-2EFF2BE832ED} - System32\Tasks\{1B5A351E-6456-4DCD-9137-9C2476C8113D} => pcalua.exe -a "C:\Users\jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2C8RVGXX\cda-to-mp3-converter.exe" -d C:\Users\jimmy\Desktop
    Task: {360A0CDF-FE35-4A24-8D14-560A1196F977} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
    Task: {408DBE6A-D817-4107-8EAD-08D1427CBDDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {55FB2DED-03A4-4D80-9060-C7F5BB981BEE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {5F5BF56B-3B3A-4F61-89B2-78C717B98B43} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
    Task: {644CD833-9DCE-42EC-9DCA-A4DBAEBFE5E7} - \boosterpop No Task File <==== ATTENTION
    Task: {691C5007-EADB-411E-A1C3-D155647E5129} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
    Task: {69A79124-8170-4D64-B9F3-3F8F85126E0A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {6C486CAD-5C9D-410A-80E5-5BA22409EA21} - System32\Tasks\{AB7133B4-07D0-495A-A9A6-C71305016BB2} => pcalua.exe -a C:\Users\jimmy\Downloads\kremove.exe -d C:\Users\jimmy\Downloads
    Task: {83D19DC0-FBCD-4324-B710-A40A48E9C9F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
    Task: {8BBB856F-24E0-41A8-8297-EEB1825C9FC1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
    Task: {8EA43C2D-1C36-4648-8A81-D6A27EB6A0F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
    Task: {90FA3452-9D0D-4E28-AB4F-438CDD128B8D} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
    Task: {A0772BF0-15D3-43E1-833D-676DD0FA37AD} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
    Task: {AA4C659F-5A11-4E0A-A27A-0A7D56D5491E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BE2827F4-3520-468C-A8D8-7AEAA7BA5985} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C75750FE-9491-4958-B769-0FE29B4F5BED} - System32\Tasks\{89CD0DFD-7378-404D-BAED-78521FB39DF9} => pcalua.exe -a "C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online\Uninstaller.exe"
    Task: {D61D7859-723F-44DC-AC2C-7413E2995BD0} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
    Task: {D8FF2921-9A51-42DB-BA52-C2C4DDAA65E4} - System32\Tasks\{590EA461-2B48-470E-A64E-A8F7E95B5972} => pcalua.exe -a C:\Users\jimmy\AppData\Roaming\IMVUClient\Uninstall.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-06-27 16:50 - 2012-03-27 22:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    2014-08-04 17:03 - 2014-08-04 17:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-01-01 17:44 - 2015-01-01 17:44 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010101\algo.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00022440 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00054184 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00053680 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 02296736 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_none_421d23a1fa0a055d\QtCore4.dll
    2014-10-19 21:30 - 2014-10-19 21:30 - 02364840 _____ () C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.1.1_9ca15c999435ee05_1.0.1.0_none_1bed397492abdaf4\xqilla-vc100-1_0.dll
    2014-10-19 21:30 - 2014-10-19 21:30 - 00066976 _____ () C:\WINDOWS\WinSxS\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 02310056 _____ () C:\WINDOWS\WinSxS\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00145328 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
    2014-10-19 21:31 - 2014-10-19 21:31 - 00051120 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
    2012-10-17 07:40 - 2012-10-17 07:40 - 00454656 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
    2012-10-17 07:40 - 2012-10-17 07:40 - 00030208 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
    2014-10-19 21:32 - 2014-10-19 21:32 - 07546272 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.5_9ca15c999435ee05_1.0.1.0_none_4232c379f9f9cd7b\QtGui4.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 02027424 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.5_9ca15c999435ee05_1.0.1.0_none_4232c379f9f9cd7b\QtCore4.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00524712 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_regex.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_cae4ebd2526cf46f\boost_regex-vc100-mt-1_44.dll
    2012-10-24 13:11 - 2012-10-24 13:11 - 01435544 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\activation2.dll
    2014-10-19 21:30 - 2014-10-19 21:30 - 02996648 _____ () C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.2.1_9ca15c999435ee05_1.0.1.0_none_1bed22ac92abf495\xqilla21.dll
    2011-06-22 07:19 - 2011-06-22 07:19 - 00070656 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\libLogger-vc100-2_0.dll
    2014-08-04 17:03 - 2014-08-04 17:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-26 20:30 - 2014-07-09 11:01 - 01459712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-08-26 20:30 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 01030048 _____ () C:\WINDOWS\WinSxS\x86_smarttech.js.vc70.1.8_37a8c5fef6a21868_1.0.2.1_none_e909cd048128eadf\js32.dll
    2012-10-24 13:11 - 2012-10-24 13:11 - 00466840 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\ziparchive-vc100-3_1_1a.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1271087293-465154865-2948633367-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-1271087293-465154865-2948633367-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1271087293-465154865-2948633367-1004 - Limited - Enabled)
    jimmy (S-1-5-21-1271087293-465154865-2948633367-1002 - Administrator - Enabled) => C:\Users\jimmy
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/01/2015 09:21:05 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {a49b9fe3-35d8-4a07-825a-d057a44814e8}
     
    Error: (01/01/2015 05:47:47 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {83df53b3-bb2d-4143-9d64-48a5f4e139f3}
     
    Error: (01/01/2015 05:27:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 05:20:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 05:18:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 04:26:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 04:10:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 04:10:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app Amazon.com.Amazon_343d40qqvtj1t!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 04:09:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app Amazon.com.Amazon_343d40qqvtj1t!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/01/2015 04:09:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app Amazon.com.Amazon_343d40qqvtj1t!App failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
     
    System errors:
    =============
    Error: (01/01/2015 09:17:30 PM) (Source: disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.
     
    Error: (01/01/2015 05:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Update EnterDigital service failed to start due to the following error: 
    %%2
     
    Error: (01/01/2015 05:42:52 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 5:41:00 PM on ‎1/‎1/‎2015 was unexpected.
     
    Error: (01/01/2015 05:22:24 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (01/01/2015 05:21:54 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (01/01/2015 05:21:23 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (01/01/2015 05:20:53 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (01/01/2015 05:20:23 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (01/01/2015 05:19:53 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}
     
    Error: (01/01/2015 05:19:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/01/2015 09:21:05 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {a49b9fe3-35d8-4a07-825a-d057a44814e8}
     
    Error: (01/01/2015 05:47:47 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {83df53b3-bb2d-4143-9d64-48a5f4e139f3}
     
    Error: (01/01/2015 05:27:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
     
    Error: (01/01/2015 05:20:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
     
    Error: (01/01/2015 05:18:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927151
     
    Error: (01/01/2015 04:26:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
     
    Error: (01/01/2015 04:10:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151
     
    Error: (01/01/2015 04:10:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Amazon.com.Amazon_343d40qqvtj1t!App-2144927151
     
    Error: (01/01/2015 04:09:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Amazon.com.Amazon_343d40qqvtj1t!App-2144927151
     
    Error: (01/01/2015 04:09:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Amazon.com.Amazon_343d40qqvtj1t!App-2144927151
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD E1-1200 APU with Radeon™ HD Graphics
    Percentage of memory in use: 37%
    Total physical RAM: 3810.07 MB
    Available physical RAM: 2365.92 MB
    Total Pagefile: 5026.07 MB
    Available Pagefile: 3376.23 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.85 MB
     
    ==================== Drives ================================
     
    Drive c: (Gateway) (Fixed) (Total:446.51 GB) (Free:318.94 GB) NTFS
    Drive g: () (Removable) (Total:0.98 GB) (Free:0.93 GB) FAT
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 70D4E092)
     
    Partition: GPT Partition Type.
     
    ========================================================
    Disk: 1 (Size: 1000 MB) (Disk ID: 00000000)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================


    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 01 January 2015 - 09:17 PM

    You need to rerun Malwarebytes until it comes up clean

     

    Make sure you follow these instructions

     

    •  
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked<----------
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished click on VIEW DETAILED LOG
    • When it opens click on COPY TO CLIPBOARD
    • Then paste the log back into this thread for review
    • Exit Malwarebytes
     
     
     
     
     
    I am attaching a Fixlist file, download it to the same directory that you are running FRST from,it looks like your desktop, after you download it open up FRST and click on FIX
     
     
    After Malwarebytes runs clean and your run the fix, let me know how your system is behaving now

     

      

    Attached Files



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 curlee1982

    curlee1982

      Authentic Member

    • Authentic Member
    • PipPip
    • 22 posts

    Posted 02 January 2015 - 10:31 PM

    Malwarebytes is not allowing me to make changes in the advanced setting keys because I do not have the premium package and my free trial has expired. Any suggestions? Can i quarantine after the program runs?



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 03 January 2015 - 05:53 AM

    Lets completely remove Malwarebytes from your system but use there removal tool, actually run the tool twice rebooting after each run, then download the latest version via the instructions

     

     
     
    •  
    • Download and run their removal utility HERE
    • It will ask to restart your computer (please allow it to).
    • Then download Malwarebytes' Anti-Malware Version 2.0.4  from HERE
    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Threat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes
     


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 curlee1982

    curlee1982

      Authentic Member

    • Authentic Member
    • PipPip
    • 22 posts

    Posted 04 January 2015 - 02:58 PM

    I ran the removal tool for Malwarebytes twice as you said and reloaded it. It did let me make changes on the advanced settings page. When it finished scanning, I still had to hit quarantine all.  When I open the log and hit copy to clipboard nothing happens. The only way I can get a copy of the log is to export it as a text file and save it to the desktop. I don't remember having to do this before so I'm not sure if this is correct. I have run the fixlist in FRST and everything appears to be running clean! I'm not seeing the ads or extra tabs opening up as before. Here is a copy of the last malwarebytes log.

     

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 1/3/2015
    Scan Time: 12:44:21 PM
    Logfile: malwarebytes2.txt
    Administrator: Yes
     
    Version: 2.00.4.1028
    Malware Database: v2015.01.03.07
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: jimmy
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 422439
    Time Elapsed: 26 hr, 24 min, 41 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 4
    PUP.Optional.BoostSaves.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [08fbf201ee9bfd3986c260052bd80df3], 
    PUP.Optional.BoostSaves.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Quarantined, [46bd29ca02873df953f51a4baa594ab6], 
    PUP.Optional.Boost.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [3cc7db18e2a7d3630d856f10b74cd52b], 
    PUP.Optional.Boost.A, C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [cf3415debbce0432cfc3fb845ea5f50b], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)


    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 04 January 2015 - 04:30 PM

    Great, look for the Fixlog that FRST created after the fix, it should be on your desktop, post it please. Then go ahead and run a new scan with FRST, checkmark Additions and post both logs and let me take a final look



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #11 curlee1982

    curlee1982

      Authentic Member

    • Authentic Member
    • PipPip
    • 22 posts

    Posted 05 January 2015 - 06:49 PM

    Here are the logs you requested. Still running very well!

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
    Ran by jimmy at 2015-01-04 15:24:25 Run:2
    Running from C:\Users\jimmy\Desktop
    Loaded Profile: jimmy (Available profiles: jimmy & Administrator)
    Boot Mode: Normal
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-1271087293-465154865-2948633367-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Task: {644CD833-9DCE-42EC-9DCA-A4DBAEBFE5E7} - \boosterpop No Task File <==== ATTENTION
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************
     
    Processes closed successfully.
    C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-1271087293-465154865-2948633367-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{644CD833-9DCE-42EC-9DCA-A4DBAEBFE5E7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{644CD833-9DCE-42EC-9DCA-A4DBAEBFE5E7}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => Key deleted successfully.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.2 GB temporary data.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 15:35:14 ====
     
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
    Ran by jimmy (administrator) on OURPC on 05-01-2015 19:38:26
    Running from C:\Users\jimmy\Desktop
    Loaded Profile: jimmy (Available profiles: jimmy & Administrator)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Torch)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Spotify Ltd) C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
    (SMART Technologies ULC.) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    (Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
    (Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
    (SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
    (SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    () C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62360 2012-10-24] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [2219416 2012-10-24] (SMART Technologies)
    HKLM-x32\...\Run: [SMART Board Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [10132336 2012-03-09] (SMART Technologies ULC)
    HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [98200 2012-10-25] (SMART Technologies)
    HKLM-x32\...\Run: [Response Desktop Menu] => C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [1990040 2012-10-17] (SMART Technologies ULC)
    HKLM-x32\...\Run: [SMARTClassroomCoordinator.exe] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [485232 2011-06-22] (SMART Technologies ULC.)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
    HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-07-09] (Wondershare)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Run: [Spotify Web Helper] => C:\Users\jimmy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-12] (Spotify Ltd)
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Run: [DelayShred] => c:\Program Files\McAfee\MQS\ShrCL.exe [101272 2014-09-30] (McAfee, Inc.)
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\MountPoints2: {70a1e263-92fe-11e4-bf94-eca86baeef58} - "D:\setup.exe" -a
    Startup: C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = web.roblox.com
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1271087293-465154865-2948633367-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
    BHO: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
    Toolbar: HKLM-x32 - SMART Sync - {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll (SMART Technologies ULC.)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    Toolbar: HKU\S-1-5-21-1271087293-465154865-2948633367-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
    DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\l8b5k1dm.default
    FF SearchEngineOrder.1: Secure Search
    FF DefaultSearchEngine: Secure Search
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1271087293-465154865-2948633367-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jimmy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-30]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-07]
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (EnterDigital) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdilgmfebioicioimhbfoaclhgnbahl [2014-11-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
    CHR Extension: (Google Wallet) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-29] (WildTangent)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
    R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
    R2 Response Hardware; C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [19352 2012-10-17] (SMART Technologies ULC)
    R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [582552 2012-10-24] (SMART Technologies)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
    R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
    S3 cricut; C:\Windows\system32\DRIVERS\cricut_x64.sys [72248 2014-12-30] ()
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-09-11] (McAfee, Inc.)
    R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
    R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
    R3 SMARTMouseFilterx64; C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [16280 2012-10-24] (SMART Technologies)
    R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [15256 2012-10-24] (SMART Technologies)
    R3 SMARTVTabletPCx64; C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [24984 2012-10-24] (SMART Technologies ULC)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-04 16:57 - 2015-01-04 16:57 - 03579246 _____ () C:\Users\jimmy\Downloads\2970275_7725991.mp4
    2015-01-04 15:11 - 2015-01-04 15:11 - 00001835 _____ () C:\Users\jimmy\Desktop\malwarebytes2.txt
    2015-01-04 15:11 - 2015-01-04 15:11 - 00000419 _____ () C:\Users\jimmy\Downloads\Fixlist.txt
    2015-01-04 13:38 - 2015-01-04 13:38 - 00002636 _____ () C:\Users\jimmy\Documents\test movie.wlmp
    2015-01-03 12:35 - 2015-01-03 12:35 - 00001423 _____ () C:\Users\jimmy\Desktop\malwarebytes1.txt
    2015-01-03 12:35 - 2015-01-03 12:35 - 00001422 _____ () C:\Users\jimmy\Desktop\malwarebytes.txt
    2015-01-03 10:53 - 2015-01-03 10:54 - 67183278 _____ () C:\Users\jimmy\Downloads\ITB v23.zip
    2015-01-03 09:02 - 2015-01-05 19:18 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-01-03 09:00 - 2015-01-03 09:00 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-03 09:00 - 2015-01-03 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-03 08:59 - 2015-01-03 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-03 08:59 - 2015-01-03 08:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-03 08:59 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-01-03 08:59 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-01-03 08:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-01-03 08:58 - 2015-01-03 08:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jimmy\Downloads\mbam-setup-2.0.4.1028 (4).exe
    2015-01-03 08:45 - 2015-01-03 08:45 - 00321848 _____ (Malwarebytes Corporation) C:\Users\jimmy\Downloads\mbam-clean-2.1.1.1001 (1).exe
    2015-01-03 08:35 - 2015-01-03 08:35 - 00321848 _____ (Malwarebytes Corporation) C:\Users\jimmy\Downloads\mbam-clean-2.1.1.1001.exe
    2015-01-02 23:21 - 2015-01-02 23:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jimmy\Downloads\mbam-setup-2.0.4.1028 (3).exe
    2015-01-02 21:45 - 2015-01-02 21:45 - 00018917 _____ () C:\Users\jimmy\Documents\My Movie.wlmp
    2015-01-02 21:45 - 2015-01-02 21:45 - 00000000 ____D () C:\Users\jimmy\Tracing
    2015-01-02 19:56 - 2015-01-02 19:56 - 00000000 ____D () C:\WINDOWS\en
    2015-01-02 19:55 - 2015-01-02 19:55 - 00001481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-01-02 19:55 - 2015-01-02 19:55 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2015-01-02 19:55 - 2015-01-02 19:55 - 00001328 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-01-02 19:55 - 2015-01-02 19:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2015-01-02 19:55 - 2015-01-02 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-01-02 19:54 - 2015-01-02 19:54 - 00002509 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2015-01-02 19:53 - 2015-01-02 19:55 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2015-01-02 19:53 - 2015-01-02 19:53 - 00000000 ____D () C:\WINDOWS\PCHEALTH
    2015-01-02 19:53 - 2015-01-02 19:53 - 00000000 ____D () C:\Program Files\Windows Live
    2015-01-02 19:51 - 2015-01-02 19:51 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2015-01-02 19:49 - 2015-01-02 20:03 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Windows Live
    2015-01-02 19:47 - 2015-01-02 19:47 - 01239752 _____ (Microsoft Corporation) C:\Users\jimmy\Downloads\wlsetup-web.exe
    2015-01-02 08:19 - 2015-01-02 08:19 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jimmy\Downloads\mbam-setup-2.0.4.1028 (2).exe
    2015-01-02 08:12 - 2015-01-02 08:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jimmy\Downloads\mbam-setup-2.0.4.1028 (1).exe
    2015-01-01 12:38 - 2015-01-01 12:39 - 00004252 _____ () C:\Users\jimmy\Documents\The_Lord_Never_Closes_His_Eyes.mscz
    2015-01-01 09:57 - 2015-01-01 09:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jimmy\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-01 09:55 - 2015-01-01 09:55 - 00001742 _____ () C:\Users\jimmy\Desktop\JRT.txt
    2015-01-01 09:28 - 2015-01-01 09:28 - 01707939 _____ (Thisisu) C:\Users\jimmy\Downloads\JRT (2).exe
    2015-01-01 09:26 - 2015-01-01 09:26 - 01707939 _____ (Thisisu) C:\Users\jimmy\Downloads\JRT (1).exe
    2015-01-01 09:23 - 2015-01-01 09:23 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-01-01 09:16 - 2015-01-01 09:16 - 00007161 _____ () C:\Users\jimmy\Desktop\AdwCleaner[S1].txt
    2015-01-01 09:01 - 2015-01-01 09:01 - 02173952 _____ () C:\Users\jimmy\Downloads\AdwCleaner.exe
    2014-12-31 16:26 - 2015-01-04 15:23 - 00035843 _____ () C:\Users\jimmy\Desktop\Addition.txt
    2014-12-31 14:22 - 2014-12-31 14:22 - 05198336 _____ (AVAST Software) C:\Users\jimmy\Downloads\aswMBR (3).exe
    2014-12-31 14:01 - 2014-12-31 14:01 - 05198336 _____ (AVAST Software) C:\Users\jimmy\Downloads\aswMBR (2).exe
    2014-12-30 12:30 - 2014-12-30 12:30 - 00000000 ____D () C:\Program Files\Provocraft
    2014-12-30 12:30 - 2014-12-30 12:25 - 00072248 _____ () C:\WINDOWS\system32\Drivers\cricut_x64.sys
    2014-12-30 12:28 - 2014-12-30 12:28 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\com.cricut.Cricut-CraftRoom
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricut-Craft Room.lnk
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000980 _____ () C:\Users\Public\Desktop\Cricut-Craft Room.lnk
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2014-12-30 12:27 - 2014-12-30 12:27 - 00000000 ____D () C:\Program Files (x86)\Cricut-Craft Room
    2014-12-30 12:24 - 2014-12-30 12:24 - 13202592 _____ () C:\Users\jimmy\Downloads\cricut-craftroom.exe
    2014-12-30 12:24 - 2014-12-30 12:24 - 13202592 _____ () C:\Users\jimmy\Downloads\cricut-craftroom (1).exe
    2014-12-21 14:04 - 2014-12-21 14:04 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105 (2).AVI
    2014-12-21 14:01 - 2014-12-21 14:01 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105 (1).AVI
    2014-12-21 14:00 - 2014-12-21 14:00 - 169599096 _____ () C:\Users\jimmy\Downloads\SUNP0105.AVI
    2014-12-20 23:37 - 2014-12-20 23:37 - 00014925 ____H () C:\Users\jimmy\Documents\~WRL1169.tmp
    2014-12-18 22:00 - 2014-12-18 22:01 - 248306803 _____ () C:\Users\jimmy\Downloads\KSP_demo_win.zip
    2014-12-18 05:53 - 2014-09-11 14:33 - 00076064 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
    2014-12-18 05:52 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
    2014-12-17 20:45 - 2015-01-04 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2014-12-15 18:49 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2014-12-15 18:49 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2014-12-14 13:43 - 2014-12-18 22:02 - 00000000 ____D () C:\Users\jimmy\Desktop\mods
    2014-12-13 09:55 - 2014-12-13 09:55 - 01660981 _____ () C:\Users\jimmy\Downloads\Channel Art Template (Photoshop)
    2014-12-12 21:33 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-12-12 21:33 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-12 21:28 - 2014-12-12 21:28 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2014-12-09 18:52 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
    2014-12-09 18:52 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
    2014-12-09 18:52 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2014-12-09 18:51 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2014-12-09 18:31 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-12-09 18:31 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2014-12-09 18:31 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-12-09 18:31 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2014-12-09 18:31 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2014-12-09 18:31 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-12-09 18:31 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-12-09 18:31 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2014-12-09 18:31 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2014-12-09 18:31 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2014-12-09 18:30 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
    2014-12-09 18:03 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-12-09 18:03 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-12-09 18:03 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-12-09 18:03 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2014-12-09 18:03 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-12-09 18:03 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2014-12-09 18:03 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-12-09 18:03 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-12-09 18:03 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-12-09 18:03 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-12-09 18:03 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2014-12-09 18:03 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2014-12-09 18:03 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-12-09 18:03 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-12-09 18:03 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-12-09 18:03 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2014-12-09 18:03 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2014-12-09 18:03 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2014-12-09 18:03 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-12-09 18:03 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-12-09 18:03 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-12-09 18:03 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-12-09 18:03 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-12-09 18:03 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-12-09 18:03 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2014-12-09 18:03 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-12-09 18:03 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-12-09 18:03 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2014-12-09 18:03 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-12-09 18:03 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2014-12-09 18:03 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-12-09 18:03 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-12-09 18:03 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-12-09 18:03 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-12-09 18:03 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-12-09 18:03 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-12-09 18:03 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-12-09 18:03 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-12-09 18:03 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-12-08 05:33 - 2014-12-08 05:33 - 14289721 _____ () C:\Users\jimmy\Documents\the nutcracker.notebook
    2014-12-08 05:10 - 2014-12-08 05:11 - 07407866 _____ () C:\Users\jimmy\Downloads\Mariisnky - The Nutcracker - Tea (Chinese Dance) - Ovation.flv
    2014-12-08 05:00 - 2014-12-08 05:01 - 07548025 _____ () C:\Users\jimmy\Downloads\The Nutcracker - Dance of the Reed Pipes (1).flv
    2014-12-08 04:54 - 2014-12-08 04:55 - 07548025 _____ () C:\Users\jimmy\Downloads\The Nutcracker - Dance of the Reed Pipes.flv
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-05 19:40 - 2014-11-25 21:22 - 00023975 _____ () C:\Users\jimmy\Desktop\FRST.txt
    2015-01-05 19:38 - 2014-10-24 20:58 - 00000000 ____D () C:\FRST
    2015-01-05 19:12 - 2014-05-07 13:45 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2.job
    2015-01-05 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-01-05 18:45 - 2013-03-16 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-01-05 17:14 - 2014-10-20 17:16 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B9791AE5-E39C-4E49-8217-4386C0483A75}
    2015-01-05 16:45 - 2014-10-19 21:05 - 01544356 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-01-05 12:12 - 2013-12-15 20:16 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-01-05 11:41 - 2014-10-21 20:40 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Deployment
    2015-01-04 21:56 - 2013-02-22 17:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1271087293-465154865-2948633367-1002
    2015-01-04 20:04 - 2013-11-21 20:01 - 00000000 ____D () C:\Users\jimmy\Desktop\YouTube
    2015-01-04 16:57 - 2014-10-24 20:13 - 00392192 ___SH () C:\Users\jimmy\Downloads\Thumbs.db
    2015-01-04 15:42 - 2013-12-07 15:51 - 00000000 __RSD () C:\Users\jimmy\Documents\McAfee Vaults
    2015-01-04 15:40 - 2013-12-30 12:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-01-04 15:39 - 2014-10-24 21:28 - 00234496 ___SH () C:\Users\jimmy\Desktop\Thumbs.db
    2015-01-04 15:37 - 2014-11-21 22:00 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-01-04 15:37 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-01-04 15:36 - 2014-09-24 02:03 - 00145814 _____ () C:\WINDOWS\PFRO.log
    2015-01-04 15:36 - 2013-08-22 10:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
    2015-01-04 15:36 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-01-04 15:24 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
    2015-01-04 15:13 - 2014-10-28 17:13 - 00000000 ____D () C:\Users\jimmy\Desktop\FRST-OlderVersion
    2015-01-04 15:13 - 2014-10-24 20:58 - 02123776 _____ (Farbar) C:\Users\jimmy\Desktop\FRST64.exe
    2015-01-03 11:28 - 2013-08-22 09:45 - 00000000 ____D () C:\WINDOWS\Setup
    2015-01-03 10:31 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-01-03 08:37 - 2014-10-19 21:14 - 00000000 ____D () C:\Users\jimmy
    2015-01-03 04:43 - 2013-01-28 17:05 - 00000000 ____D () C:\Users\jimmy\Documents\Christians Work
    2015-01-02 23:14 - 2013-08-22 09:46 - 00332428 _____ () C:\WINDOWS\setupact.log
    2015-01-02 23:11 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2015-01-02 21:47 - 2013-03-24 12:33 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Audacity
    2015-01-02 19:53 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-01-02 19:52 - 2013-11-23 07:49 - 00031301 _____ () C:\WINDOWS\DirectX.log
    2015-01-02 09:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Vss
    2015-01-02 06:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-01-01 13:35 - 2014-08-26 20:27 - 00000000 ____D () C:\Users\jimmy\Documents\Wondershare Video Editor
    2015-01-01 09:14 - 2013-02-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-01 09:11 - 2014-10-26 16:12 - 00000000 ____D () C:\AdwCleaner
    2014-12-31 20:39 - 2014-10-24 20:13 - 00152576 ___SH () C:\Users\jimmy\Documents\Thumbs.db
    2014-12-31 19:59 - 2014-06-27 16:50 - 00000000 ____D () C:\ProgramData\CanonIJPLM
    2014-12-31 16:15 - 2014-11-25 21:21 - 00003479 _____ () C:\Users\jimmy\Desktop\aswMBR.txt
    2014-12-31 16:15 - 2014-10-24 20:57 - 00000512 _____ () C:\Users\jimmy\Desktop\MBR.dat
    2014-12-31 13:59 - 2013-03-11 00:06 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Spotify
    2014-12-31 13:59 - 2013-03-11 00:06 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Spotify
    2014-12-30 12:28 - 2013-03-27 13:08 - 00000000 ____D () C:\ProgramData\Adobe
    2014-12-30 12:27 - 2013-03-27 13:10 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-12-30 12:26 - 2013-02-21 21:21 - 00000000 ____D () C:\Users\jimmy\AppData\Roaming\Adobe
    2014-12-30 12:25 - 2013-03-27 13:17 - 00000000 ____D () C:\Users\jimmy\AppData\Local\Adobe
    2014-12-26 07:15 - 2013-02-25 21:31 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-12-26 07:15 - 2013-02-25 21:31 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-12-26 07:14 - 2013-03-01 16:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-26 07:13 - 2014-07-15 11:57 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2014-12-18 06:04 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-12-18 05:51 - 2013-12-07 15:39 - 00000000 ____D () C:\Program Files\Common Files\McAfee
    2014-12-18 05:50 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
    2014-12-18 05:48 - 2013-12-07 15:39 - 00000000 ____D () C:\ProgramData\McAfee
    2014-12-13 22:02 - 2014-09-08 05:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-13 22:02 - 2014-09-08 05:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-13 14:02 - 2013-08-07 12:57 - 00000000 ____D () C:\Users\jimmy\Desktop\StaffWars22XP
    2014-12-13 14:01 - 2013-11-21 20:01 - 00000000 ____D () C:\Users\jimmy\Desktop\pb
    2014-12-13 08:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-12-13 08:11 - 2014-09-08 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-12 21:57 - 2013-03-27 13:10 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-12 21:28 - 2014-09-24 04:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
    2014-12-12 21:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
    2014-12-12 11:30 - 2013-12-15 20:17 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-09 20:10 - 2013-02-21 21:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-09 19:59 - 2013-08-24 19:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-12-09 19:42 - 2013-02-22 23:11 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-12-09 17:45 - 2013-03-16 08:30 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-01-04 19:40
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
    Ran by jimmy at 2015-01-05 19:42:29
    Running from C:\Users\jimmy\Desktop
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Ableton Live 9 Trial (HKLM-x32\...\{A29BB48D-59ED-411C-AB20-3FA488D08161}) (Version: 9.0.0.0 - Ableton)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Blender (HKLM\...\Blender) (Version: 2.72b - Blender Foundation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
    Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
    Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
    Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
    Cricut Craft Room® (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-187 - Provo Craft & Novelty, Inc.)
    Cricut Craft Room® (x32 Version: 1.0.187 - Provo Craft & Novelty, Inc.) Hidden
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DC Universe Online (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)
    DC Universe Online Live (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Free YouTube Downloader 3.5.181 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
    Game Channels (x32 Version: 7.1.0.17 - WildTangent, Inc.) Hidden
    Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Gateway Incorporated)
    Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
    Hunting Unlimited 2010 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hunting Unlimited 2011 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
    McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
    McAfee Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft Packages (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\Minecraft Packages) (Version:  - ) <==== ATTENTION
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
    Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
    Norton Online Backup ARA (x32 Version: 4.1.0.10 - Symantec Corporation) Hidden
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    PCBooster (HKLM-x32\...\{AF0EAAE6-B2E2-48E7-8A74-0A0F909CE382}) (Version: 1.0.0 - Portable Booster) <==== ATTENTION
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
    Sculptris Alpha 6 (HKLM-x32\...\InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}) (Version: 0.6 - Pixologic)
    Sculptris Alpha 6 (x32 Version: 0.6 - Pixologic) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    SMART Common Files (HKLM-x32\...\{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}) (Version: 11.1.34.1 - SMART Technologies ULC)
    SMART Ink (HKLM-x32\...\{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}) (Version: 1.1.233.0 - SMART Technologies ULC)
    SMART Notebook (HKLM-x32\...\{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}) (Version: 11.0.705.1 - SMART Technologies ULC)
    SMART Product Drivers (HKLM-x32\...\{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}) (Version: 11.0.510.2 - SMART Technologies ULC)
    SMART Response Software (HKLM-x32\...\{02885557-ACA5-4B6F-85D2-3F1A9B8580F5}) (Version: 4.0.450.1 - SMART Technologies ULC)
    SMART Sync Teacher (HKLM-x32\...\{9D81615E-B150-488B-90CA-1159E2113BE3}) (Version: 10.0.576.0 - SMART Technologies ULC)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Unity Web Player (HKU\S-1-5-21-1271087293-465154865-2948633367-1002\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.11.9 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wondershare Video Editor(Build 4.5.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-1271087293-465154865-2948633367-1002_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jimmy\AppData\Local\Roblox\Versions\version-c2a7e6748ad54a86\RobloxProxy64.dll No File
     
    ==================== Restore Points  =========================
     
    18-12-2014 06:02:20 Windows Update
    25-12-2014 13:26:05 Scheduled Checkpoint
    01-01-2015 18:14:13 Scheduled Checkpoint
    02-01-2015 19:49:04 Windows Live Essentials
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 08:25 - 2015-01-04 15:24 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {066D7012-D626-4B3A-88A4-2EFF2BE832ED} - System32\Tasks\{1B5A351E-6456-4DCD-9137-9C2476C8113D} => pcalua.exe -a "C:\Users\jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2C8RVGXX\cda-to-mp3-converter.exe" -d C:\Users\jimmy\Desktop
    Task: {360A0CDF-FE35-4A24-8D14-560A1196F977} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
    Task: {408DBE6A-D817-4107-8EAD-08D1427CBDDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
    Task: {55FB2DED-03A4-4D80-9060-C7F5BB981BEE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {685EEE2E-11AB-4A3D-815B-E212B4E01118} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-09] (Microsoft Corporation)
    Task: {691C5007-EADB-411E-A1C3-D155647E5129} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
    Task: {69A79124-8170-4D64-B9F3-3F8F85126E0A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {6C486CAD-5C9D-410A-80E5-5BA22409EA21} - System32\Tasks\{AB7133B4-07D0-495A-A9A6-C71305016BB2} => pcalua.exe -a C:\Users\jimmy\Downloads\kremove.exe -d C:\Users\jimmy\Downloads
    Task: {83D19DC0-FBCD-4324-B710-A40A48E9C9F8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
    Task: {8BBB856F-24E0-41A8-8297-EEB1825C9FC1} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
    Task: {8EA43C2D-1C36-4648-8A81-D6A27EB6A0F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-15] (Google Inc.)
    Task: {90FA3452-9D0D-4E28-AB4F-438CDD128B8D} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
    Task: {A0772BF0-15D3-43E1-833D-676DD0FA37AD} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
    Task: {AA4C659F-5A11-4E0A-A27A-0A7D56D5491E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {BE2827F4-3520-468C-A8D8-7AEAA7BA5985} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {C75750FE-9491-4958-B769-0FE29B4F5BED} - System32\Tasks\{89CD0DFD-7378-404D-BAED-78521FB39DF9} => pcalua.exe -a "C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online\Uninstaller.exe"
    Task: {D61D7859-723F-44DC-AC2C-7413E2995BD0} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
    Task: {D8FF2921-9A51-42DB-BA52-C2C4DDAA65E4} - System32\Tasks\{590EA461-2B48-470E-A64E-A8F7E95B5972} => pcalua.exe -a C:\Users\jimmy\AppData\Roaming\IMVUClient\Uninstall.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf6a24736f14b2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2014-06-27 16:50 - 2012-03-27 22:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
    2014-10-21 18:48 - 2014-10-21 18:48 - 00072192 _____ () C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.2.7_neutral__343d40qqvtj1t\AmazonForWindowsWebview.exe
    2014-08-04 17:03 - 2014-08-04 17:03 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-01-04 13:02 - 2015-01-04 13:02 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll
    2015-01-05 13:13 - 2015-01-05 13:13 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00022440 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_system.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_3b5a2197c9e04a1f\boost_system-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00054184 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00053680 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_signals.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_8ce60f5e6bc42419\boost_signals-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 02296736 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.7_9ca15c999435ee05_1.0.1.0_none_421d23a1fa0a055d\QtCore4.dll
    2014-10-19 21:30 - 2014-10-19 21:30 - 02364840 _____ () C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.1.1_9ca15c999435ee05_1.0.1.0_none_1bed397492abdaf4\xqilla-vc100-1_0.dll
    2014-10-19 21:30 - 2014-10-19 21:30 - 00066976 _____ () C:\WINDOWS\WinSxS\x86_smarttech.zlib.vc100.1.2_9ca15c999435ee05_1.0.1.0_none_a9eddec61c291613\zlib1-vc100-mt-1.2.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 02310056 _____ () C:\WINDOWS\WinSxS\x86_smarttech.redland.vc100.1.0_9ca15c999435ee05_1.0.1.0_none_abdcef110f80cf28\redland-vc100-1_0_9.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00145328 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_filesystem.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_73736a4543634e09\boost_filesystem-vc100-mt-1_44.dll
    2014-10-19 21:31 - 2014-10-19 21:31 - 00051120 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 07546272 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.5_9ca15c999435ee05_1.0.1.0_none_4232c379f9f9cd7b\QtGui4.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 02027424 _____ () C:\WINDOWS\WinSxS\x86_smarttech.qt.vc100.4.5_9ca15c999435ee05_1.0.1.0_none_4232c379f9f9cd7b\QtCore4.dll
    2014-10-19 21:32 - 2014-10-19 21:32 - 00524712 _____ () C:\WINDOWS\WinSxS\x86_smarttech.boost_regex.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_cae4ebd2526cf46f\boost_regex-vc100-mt-1_44.dll
    2012-10-24 13:11 - 2012-10-24 13:11 - 01435544 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\activation2.dll
    2014-10-19 21:30 - 2014-10-19 21:30 - 02996648 _____ () C:\WINDOWS\WinSxS\x86_smarttech.xqilla.vc100.2.1_9ca15c999435ee05_1.0.1.0_none_1bed22ac92abf495\xqilla21.dll
    2011-06-22 07:19 - 2011-06-22 07:19 - 00070656 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\libLogger-vc100-2_0.dll
    2014-08-04 17:03 - 2014-08-04 17:03 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-26 20:30 - 2014-07-09 11:01 - 01459712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
    2014-08-26 20:30 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
    2012-10-17 07:40 - 2012-10-17 07:40 - 00454656 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
    2012-10-17 07:40 - 2012-10-17 07:40 - 00030208 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
    2014-10-19 21:32 - 2014-10-19 21:32 - 01030048 _____ () C:\WINDOWS\WinSxS\x86_smarttech.js.vc70.1.8_37a8c5fef6a21868_1.0.2.1_none_e909cd048128eadf\js32.dll
    2012-10-24 13:11 - 2012-10-24 13:11 - 00466840 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\ziparchive-vc100-3_1_1a.dll
    2014-10-26 17:22 - 2014-10-26 17:22 - 00334848 _____ () C:\Users\jimmy\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\CLR_v4.0_32\NativeImages\AmazonForWi3a7c204a#\9fd3d15d3d76ee96d7a68bfd4e6e2875\AmazonForWindowsWebview.ni.exe
    2014-10-23 14:47 - 2014-10-23 14:47 - 03530752 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\90a4331ab5b5bb3ead23d75d4349a491\Windows.UI.Xaml.ni.dll
    2014-10-23 14:47 - 2014-10-23 14:47 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
    2014-10-26 17:22 - 2014-10-26 17:22 - 00378368 _____ () C:\Users\jimmy\AppData\Local\Packages\Amazon.com.Amazon_343d40qqvtj1t\AC\Microsoft\CLR_v4.0_32\NativeImages\Helper\8400bacf703fbe932482c715b8a4a2f5\Helper.ni.dll
    2014-10-23 14:47 - 2014-10-23 14:47 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll
    2014-10-23 14:47 - 2014-10-23 14:47 - 00960000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\6c2169e34bfb3814fa44f267572335f6\Windows.UI.ni.dll
    2014-10-23 14:47 - 2014-10-23 14:47 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll
    2014-10-23 14:47 - 2014-10-23 14:47 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
    2014-12-22 17:27 - 2014-12-22 17:27 - 00337920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\fe565d34d4335337c06264bb0d85e3b0\Windows.Data.ni.dll
    2014-10-23 14:47 - 2014-10-23 14:47 - 00133120 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7819e306c2c55c42f35a5fa10b93710f\Windows.System.ni.dll
    2014-12-22 17:28 - 2014-12-22 17:28 - 00869888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Web\e80741874129b38ff4bc85abedf8e4a2\Windows.Web.ni.dll
    2014-12-12 11:28 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-12 11:28 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-12 11:28 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-12 11:28 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1271087293-465154865-2948633367-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-1271087293-465154865-2948633367-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1271087293-465154865-2948633367-1004 - Limited - Enabled)
    jimmy (S-1-5-21-1271087293-465154865-2948633367-1002 - Administrator - Enabled) => C:\Users\jimmy
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (01/05/2015 06:43:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/04/2015 03:43:24 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {ae1e3a2e-9b69-4e4f-9f42-81c4ca1bd9ff}
     
    Error: (01/04/2015 00:59:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: Activation of app FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (01/04/2015 00:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
    Faulting module name: twinui.dll, version: 6.3.9600.17324, time stamp: 0x53f822bf
    Exception code: 0xc0000005
    Fault offset: 0x00000000001f39fa
    Faulting process id: 0x864
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3
    Faulting package full name: Explorer.EXE4
    Faulting package-relative application ID: Explorer.EXE5
     
    Error: (01/04/2015 00:59:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ourpc)
    Description: App FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager did not launch within its allotted time.
     
    Error: (01/04/2015 04:23:43 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/04/2015 04:02:40 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (01/03/2015 11:34:59 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {9f8c4aac-4bcf-4dcb-89e2-f501b01c5759}
     
    Error: (01/03/2015 08:48:59 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {5684527d-2080-46af-8a32-4dcf16f234f2}
     
    Error: (01/03/2015 08:41:19 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {8ab83c52-9309-4559-924a-741b92f0a6ed}
     
     
    System errors:
    =============
    Error: (01/05/2015 06:42:24 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (01/05/2015 06:41:52 AM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
     
    Error: (01/04/2015 03:36:16 PM) (Source: disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR2.
     
    Error: (01/04/2015 03:35:49 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
     
    Error: (01/04/2015 03:35:49 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
     
    Error: (01/04/2015 03:35:48 PM) (Source: DCOM) (EventID: 10010) (User: ourpc)
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
     
    Error: (01/04/2015 03:25:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    %%1056
     
    Error: (01/04/2015 03:24:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The McAfee Online Backup service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (01/04/2015 03:24:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (01/04/2015 03:24:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (01/05/2015 06:43:30 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Cricut-Craft Room\Drivers\Cricut Expression Drivers ia64.exe
     
    Error: (01/04/2015 03:43:24 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {ae1e3a2e-9b69-4e4f-9f42-81c4ca1bd9ff}
     
    Error: (01/04/2015 00:59:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ourpc)
    Description: FileManager_cw5n1h2txyewy!Microsoft.Windows.PhotoManager-2144927142
     
    Error: (01/04/2015 00:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Explorer.EXE6.3.9600.1728453f816dctwinui.dll6.3.9600.1732453f822bfc000000500000000001f39fa86401d027726f7aab64C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dll70a1e65d-943b-11e4-bf97-eca86baeef58
     
    Error: (01/04/2015 00:59:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: ourpc)
    Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.PhotoManager
     
    Error: (01/04/2015 04:23:43 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Cricut-Craft Room\Drivers\Cricut Expression Drivers ia64.exe
     
    Error: (01/04/2015 04:02:40 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files (x86)\Cricut-Craft Room\Drivers\Cricut Expression Drivers ia64.exe
     
    Error: (01/03/2015 11:34:59 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {9f8c4aac-4bcf-4dcb-89e2-f501b01c5759}
     
    Error: (01/03/2015 08:48:59 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {5684527d-2080-46af-8a32-4dcf16f234f2}
     
    Error: (01/03/2015 08:41:19 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.
     
     
    Operation:
       Gathering Writer Data
     
    Context:
       Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
       Writer Name: System Writer
       Writer Instance ID: {8ab83c52-9309-4559-924a-741b92f0a6ed}
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD E1-1200 APU with Radeon™ HD Graphics
    Percentage of memory in use: 53%
    Total physical RAM: 3810.07 MB
    Available physical RAM: 1768.81 MB
    Total Pagefile: 5026.07 MB
    Available Pagefile: 1717.57 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB
     
    ==================== Drives ================================
     
    Drive c: (Gateway) (Fixed) (Total:446.51 GB) (Free:312.28 GB) NTFS
    Drive d: () (Removable) (Total:0.98 GB) (Free:0.34 GB) FAT
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 70D4E092)
     
    Partition: GPT Partition Type.
     
    ========================================================
    Disk: 1 (Size: 1000 MB) (Disk ID: 00000000)
     
    Partition: GPT Partition Type.
     
    ==================== End Of Log ============================


    #12 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 05 January 2015 - 07:56 PM

    Looking at both Avast and McAfee AntiVirus on your system, Microsoft recommends that you just have one, more than one is overkill and can hamper system performance, just keep one, keep it updated and run regular scans, your call but you need to uninstall one.

     

    Rest of your log looks ok, any problems ?



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 curlee1982

    curlee1982

      Authentic Member

    • Authentic Member
    • PipPip
    • 22 posts

    Posted 06 January 2015 - 05:40 PM

    No more problems...running great. Thank you so much! I was growing weary of ads for wives from Russia...since I'm married and female I really wasn't interested! Thanks again for your help!



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 06 January 2015 - 06:14 PM

    Your welcome, glad all is well

     

    Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
  •  
     
    ==========================================================
     
     
    Please download DelFix and save the file to your Desktop.
     
    DelFix_zps139e2ea1.jpg
     
  • Windows XP Double Click DelFix.exe to run the program. 
  • Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR 
  • Checkmark " Remove Disinfection Tools"
  • Click the Run button
  •  
    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually
     
     
     
    ==========================================================
     
     
     
    How did I get infected in the first place ?    
    Read these links and find out how to prevent getting infected again.
  • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
  •  
     
    Safe Surfn
    Ken


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #15 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 09 January 2015 - 05:57 AM

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
    and start a New Topic.

     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users