
decrypt_intructions and playtopus?

Discussion in 'Virus & Other Malware Removal' started by sr300zx, May 14, 2015.

Thread Status:
Not open for further replies.
  1. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Athlon(tm) II X2 215 Processor, AMD64 Family 16 Model 6 Stepping 2
    Processor Count: 2
    RAM: 3838 Mb
    Graphics Card: NVIDIA GeForce 6150SE nForce 430, 256 Mb
    Hard Drives: C: Total - 464610 MB, Free - 303913 MB; D: Total - 12226 MB, Free - 2192 MB;
    Motherboard: PEGATRON CORPORATION, NARRA5
    Antivirus: AVG AntiVirus 2015, Disabled


    I have thousands of files that have been infected with ransomware. I've searched for a solution but have failed to find one. Have there been any new developments that can help me retrieve my files?
    Also, questions about playtopus... I see it in my program uninstall, but when I click uninstall it says that the file does not exist.
    Also, my computer has been running quite slow and I can't right-click and copy photos. I've scanned with AVG AntiVirus, Malwarebytes, and Spybot. Spybot found one spybot with 6 entries and quarantined it. Malwarebytes found one PUP and quarantined it. AVG has found nothing. Any advice will be greatly appreciated!
     
  2. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
  3. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello sr300zx,

    Please download Farbar Recovery Scan Tool from here and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called (FRST.txt) in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
     
  4. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
    Ran by kim (administrator) on KIM-PC on 17-05-2015 20:29:49
    Running from C:\Users\kim\Desktop
    Loaded Profiles: kim (Available profiles: kim)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (iWin Inc.) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4759896 2014-04-01] (PC Drivers Headquarters)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [BRS] => C:\Program Files (x86)\Groovorio\BRS\brs.exe -runBRS
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [GoogleUpdate] => C:\Users\kim\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [USB Adapter Updater] => "C:\ProgramData\USB Adapter Updater\bjrwzmzis.exe"
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [{79406ACD-66EC-6BE8-4DC4-D4373DD7A514}] => C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864 2015-02-02] (Microsoft Corporation)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    SearchScopes: HKLM -> DefaultScope {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=...tGtD0Ezy0FyD0D0ByCtCzyyD0B2Q&cr=1233414094&ir=
    SearchScopes: HKLM-x32 -> DefaultScope {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.safesear.ch/web/?type=20150430-120-sshome-ie-df&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> DefaultScope {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?gui...1234D27}&action=default_search&k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {778370FA-7463-4DAF-A8B7-DAD43A9A3920} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20130520,19853,0,18,0
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?gui...1234D27}&action=default_search&k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {9A85498F-6AA4-4FC0-9587-68A163876745} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11425
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: SelectionLinksBHO Class -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} -> C:\Program Files (x86)\OApps\SelectionLinks.dll No File
    BHO-x32: No Name -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-04-14] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    DPF: HKLM-x32 {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2014-04-14] (Sun Microsystems, Inc.)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-24] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-24] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2961242490-1984678187-2713381144-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-24]
    FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 6052424\extensions\{[email protected]}
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 1\extensions\{[email protected]}
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    Chrome:
    =======
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\kim\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [Not Found]
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - https://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
    R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-03] (Electronic Arts)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-17 20:29 - 2015-05-17 20:30 - 00017062 _____ () C:\Users\kim\Desktop\FRST.txt
    2015-05-17 20:29 - 2015-05-17 20:29 - 02107392 _____ (Farbar) C:\Users\kim\Desktop\FRST64.exe
    2015-05-17 20:29 - 2015-05-17 20:29 - 01146368 _____ (Farbar) C:\Users\kim\Desktop\FRST.exe
    2015-05-17 00:36 - 2015-05-17 00:36 - 00001861 _____ () C:\Users\Public\Desktop\Shockwave Games.lnk
    2015-05-17 00:36 - 2015-05-17 00:36 - 00001321 _____ () C:\Users\Public\Desktop\Nancy Drew - Ghost of Thornton Hall.lnk
    2015-05-14 20:53 - 2015-05-17 15:44 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    2015-05-14 19:14 - 2015-05-17 20:29 - 00000000 ____D () C:\FRST
    2015-05-14 19:11 - 2015-05-14 19:11 - 02744965 _____ () C:\Users\kim\Downloads\idtool (1).zip
    2015-05-14 19:10 - 2015-05-14 19:10 - 02744965 _____ () C:\Users\kim\Downloads\idtool.zip
    2015-05-14 18:23 - 2015-05-14 19:33 - 00025443 _____ () C:\Users\kim\Desktop\avgrep.txt
    2015-05-13 15:16 - 2015-05-17 15:44 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    2015-05-13 15:14 - 2015-05-13 15:14 - 00000164 _____ () C:\Windows\install.dat
    2015-05-13 15:14 - 2015-05-13 15:14 - 00000000 ____D () C:\Program Files (x86)\Webroot
    2015-05-13 15:08 - 2015-05-13 15:08 - 00000000 ____D () C:\ProgramData\Licenses
    2015-05-13 03:04 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 03:04 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 16:06 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-12 16:06 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-12 16:06 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-12 16:06 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-12 16:05 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-12 16:05 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-12 16:05 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-12 16:05 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-05-12 16:05 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-05-12 16:05 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-12 16:05 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-12 16:05 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-05-12 16:05 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-05-12 16:05 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-05-12 16:05 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-05-12 16:05 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-05-12 16:05 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-05-12 16:05 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-05-12 16:05 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-05-12 16:05 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-05-12 16:05 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-05-12 16:05 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-05-12 16:05 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-05-12 16:05 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-12 16:05 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-12 16:05 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-12 16:05 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-12 16:05 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-12 16:05 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-12 16:05 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-12 16:05 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-12 16:05 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-12 16:05 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-12 16:05 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-12 16:05 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-12 16:05 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-12 16:05 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-12 16:05 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-12 16:05 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-12 16:05 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-12 16:05 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-12 16:05 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-12 16:05 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-12 16:05 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-12 16:05 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-12 16:05 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-12 16:05 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-12 16:05 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-12 16:05 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-05-12 16:05 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-05-12 16:05 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-12 16:05 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-12 16:05 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-12 16:05 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-05-12 16:05 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-12 16:05 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-12 16:05 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-12 16:05 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-05-12 16:05 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-12 16:05 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-12 16:05 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-12 16:05 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-05-12 16:05 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-12 16:05 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-12 16:05 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-12 16:05 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-12 16:05 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-12 16:05 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-05-12 16:05 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-12 16:05 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-05-12 16:05 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-12 16:05 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-12 16:05 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-12 16:05 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-12 16:05 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-12 16:05 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-12 16:05 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-05-12 16:05 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-12 16:05 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-12 16:05 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-12 16:05 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-12 16:05 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-12 16:05 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-12 16:05 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-12 16:04 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-12 16:04 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-12 16:04 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-12 16:04 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-12 16:04 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-12 16:04 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-12 16:04 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-12 16:04 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-12 16:04 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-12 16:04 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-12 16:04 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-12 16:04 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-12 16:04 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-12 16:04 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-12 16:04 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-12 16:04 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-12 16:04 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-12 16:04 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-10 20:22 - 2015-05-10 20:22 - 00000000 ____D () C:\Users\kim\AppData\Roaming\AlawarEntertainment
    2015-05-10 20:07 - 2015-05-10 20:07 - 00001321 _____ () C:\Users\Public\Desktop\Paranormal Pursuit - The Gifted One.lnk
    2015-05-10 15:42 - 2015-05-10 15:42 - 00003006 _____ () C:\Windows\System32\Tasks\{EF2C254B-A5D0-4760-8DB6-ED2B764C4C70}
    2015-05-10 14:49 - 2015-05-10 14:49 - 00000000 ____D () C:\Users\Public\Documents\BlitPop
    2015-05-03 16:44 - 2015-05-03 16:45 - 00000000 ____D () C:\Users\kim\AppData\Local\Origin
    2015-05-03 16:43 - 2015-05-03 16:43 - 00000945 _____ () C:\Users\Public\Desktop\Origin.lnk
    2015-05-03 16:43 - 2015-05-03 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2015-05-02 22:22 - 2015-05-02 22:22 - 00000136 _____ () C:\Users\kim\Desktop\The Sims™ 3 Ambitions - Shortcut.lnk
    2015-05-02 22:22 - 2015-05-02 22:22 - 00000136 _____ () C:\Users\kim\Desktop\The Sims™ 3 - Shortcut.lnk
    2015-05-01 22:52 - 2015-05-01 22:52 - 00753184 _____ () C:\Users\kim\Downloads\Adware-Removal-Tool-v3.9.1.exe
    2015-05-01 22:52 - 2015-05-01 22:52 - 00753184 _____ () C:\Users\kim\Downloads\Adware-Removal-Tool-v3.9.1 (1).exe
    2015-04-30 19:00 - 2015-05-01 00:47 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
    2015-04-30 17:02 - 2015-04-30 17:02 - 00000083 _____ () C:\Program Files (x86)\Free Ride GamesGlobalTime.xml
    2015-04-30 15:55 - 2015-05-04 18:48 - 00000000 ____D () C:\ProgramData\PlayFirst
    2015-04-30 15:54 - 2015-04-30 15:54 - 00000064 _____ () C:\Windows\GPlrLanc.dat
    2015-04-30 15:53 - 2015-05-14 16:59 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
    2015-04-30 15:51 - 2015-04-30 15:51 - 00000573 _____ () C:\Users\kim\Downloads\hoteldash-setup.website
    2015-04-30 15:43 - 2015-05-04 18:48 - 00000000 ____D () C:\Users\kim\AppData\Roaming\PlayFirst
    2015-04-30 15:43 - 2015-04-30 15:43 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2015-04-30 15:41 - 2015-05-01 18:34 - 00000000 ____D () C:\Users\kim\AppData\Local\NSManager
    2015-04-30 15:41 - 2015-05-01 17:39 - 00000000 ____D () C:\Program Files (x86)\Simple
    2015-04-30 15:41 - 2015-05-01 10:18 - 00000000 ____D () C:\ProgramData\Npackd
    2015-04-30 15:41 - 2015-04-30 15:41 - 00003218 _____ () C:\Windows\System32\Tasks\NSManager_1430452778
    2015-04-30 15:41 - 2015-04-30 15:41 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
    2015-04-30 15:41 - 2015-04-30 15:41 - 00000000 ____D () C:\Users\kim\AppData\Local\Component
    2015-04-30 15:41 - 2015-04-30 15:41 - 00000000 ____D () C:\Program Files (x86)\NpackdCL
    2015-04-30 15:40 - 2015-05-01 17:37 - 00000000 ____D () C:\Program Files (x86)\Like
    2015-04-30 15:40 - 2015-04-30 15:41 - 00000258 __RSH () C:\Users\kim\ntuser.pol
    2015-04-30 15:40 - 2015-04-30 15:40 - 00002157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
    2015-04-30 15:39 - 2015-04-30 15:41 - 00000000 ____D () C:\Users\kim\AppData\Local\Fast Browser
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002191 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002161 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002159 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002157 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
    2015-04-28 21:18 - 2015-05-16 21:22 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkim
    2015-04-28 21:18 - 2015-05-16 21:22 - 00000326 _____ () C:\Windows\Tasks\HPCeeScheduleForkim.job
    2015-04-25 20:34 - 2015-04-25 20:34 - 00001301 _____ () C:\Users\Public\Desktop\Delicious - Emily's New Beginning.lnk
    2015-04-24 12:41 - 2015-05-01 23:21 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-24 12:41 - 2015-04-24 12:41 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-04-24 11:27 - 2015-04-24 11:27 - 01701504 _____ () C:\Windows\Minidump\042415-54225-01.dmp
    2015-04-22 04:58 - 2015-04-22 05:02 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-22 04:58 - 2015-04-22 04:58 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-22 01:28 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-22 01:28 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-22 01:28 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-22 01:28 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-22 01:27 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-22 01:27 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-22 01:27 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-22 01:27 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-22 01:26 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-22 01:26 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-22 01:26 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-22 01:26 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-22 01:26 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-22 01:22 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-22 01:15 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-22 01:15 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-22 01:15 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-22 00:16 - 2015-04-22 00:16 - 00000288 _____ () C:\prefs.js
    2015-04-22 00:16 - 2015-04-22 00:16 - 00000000 ____D () C:\Users\kim\AppData\Roaming\LavasoftStatistics
    2015-04-22 00:16 - 2015-04-22 00:16 - 00000000 ____D () C:\searchplugins
    2015-04-22 00:13 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2015-04-22 00:12 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2015-04-22 00:09 - 2015-04-22 00:09 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
    2015-04-22 00:01 - 2015-04-22 00:01 - 00000000 ____D () C:\Program Files\Lavasoft
    2015-04-21 23:53 - 2015-04-21 23:53 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2015-04-21 23:21 - 2015-05-15 19:50 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    2015-04-21 23:21 - 2015-05-15 19:50 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-17 20:25 - 2013-05-22 22:57 - 00000432 _____ () C:\Windows\Tasks\Quick PC Booster Idle.job
    2015-05-17 20:14 - 2012-01-23 13:05 - 01430287 _____ () C:\Windows\WindowsUpdate.log
    2015-05-17 20:02 - 2012-11-25 06:58 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{39643EC9-919A-40EA-8AAB-7FAB555FA1E3}
    2015-05-17 19:53 - 2012-07-14 03:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-17 15:52 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-17 15:52 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-17 15:49 - 2015-01-20 16:21 - 00000000 ____D () C:\ProgramData\MFAData
    2015-05-17 15:44 - 2014-04-25 21:54 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
    2015-05-17 15:44 - 2014-04-25 21:54 - 00000374 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
    2015-05-17 15:44 - 2013-05-18 14:50 - 00000410 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
    2015-05-17 15:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-17 15:44 - 2009-07-13 23:51 - 00069384 _____ () C:\Windows\setupact.log
    2015-05-17 00:36 - 2014-03-06 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave.com
    2015-05-17 00:36 - 2014-03-06 22:25 - 00000000 ____D () C:\Program Files (x86)\Shockwave.com
    2015-05-17 00:35 - 2012-01-23 02:03 - 00002516 ___SH () C:\ProgramData\KGyGaAvL.sys
    2015-05-17 00:35 - 2012-01-23 01:57 - 00000000 ____D () C:\Users\kim\Documents\My PSP Files
    2015-05-16 21:59 - 2012-01-26 10:35 - 00000000 ____D () C:\ProgramData\Origin
    2015-05-14 21:35 - 2012-09-25 21:24 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-14 18:00 - 2015-01-23 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-14 17:18 - 2009-08-28 13:33 - 00822160 _____ () C:\Windows\PFRO.log
    2015-05-14 17:15 - 2012-07-14 03:25 - 00000000 ____D () C:\ProgramData\Yahoo!
    2015-05-14 17:15 - 2012-07-14 03:23 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
    2015-05-14 16:43 - 2014-04-14 19:38 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2015-05-14 01:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-05-13 15:14 - 2009-08-28 13:42 - 00000000 ____D () C:\ProgramData\Temp
    2015-05-13 15:14 - 2009-07-13 21:34 - 00000617 _____ () C:\Windows\win.ini
    2015-05-13 09:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-05-13 08:24 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-13 08:18 - 2009-07-13 23:45 - 00351680 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-13 08:17 - 2013-08-25 01:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-13 08:17 - 2013-08-25 01:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-13 07:35 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-13 07:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-13 03:16 - 2014-04-14 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-13 03:15 - 2014-01-18 14:10 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-13 03:10 - 2014-01-18 14:10 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-13 03:04 - 2013-08-25 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-12 21:22 - 2012-02-08 07:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-05-12 21:21 - 2012-02-08 07:40 - 00000000 ____D () C:\Users\kim\AppData\Roaming\HpUpdate
    2015-05-12 13:01 - 2012-01-23 13:05 - 00000000 ____D () C:\Users\kim
    2015-05-08 21:55 - 2012-01-23 13:08 - 00085976 _____ () C:\Users\kim\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-03 16:44 - 2012-01-26 10:34 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-05-02 21:41 - 2014-03-09 12:31 - 00000000 ____D () C:\ProgramData\Gogii
    2015-05-01 23:27 - 2014-04-14 19:52 - 00000000 ____D () C:\Program Files (x86)\Product Support
    2015-05-01 17:53 - 2009-08-28 13:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-05-01 17:13 - 2012-01-23 13:09 - 00000000 ____D () C:\Users\kim\AppData\Local\VirtualStore
    2015-04-30 19:00 - 2015-01-23 14:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-30 19:00 - 2014-04-14 21:18 - 00000000 ____D () C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    2015-04-30 19:00 - 2013-10-28 18:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-04-30 19:00 - 2013-10-28 18:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2015-04-30 19:00 - 2012-12-19 09:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-04-30 19:00 - 2009-08-28 14:01 - 00000000 ____D () C:\Program Files (x86)\HP Games
    2015-04-30 19:00 - 2009-08-28 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2015-04-30 19:00 - 2009-08-28 13:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2015-04-30 19:00 - 2009-08-28 13:31 - 00000000 ____D () C:\Program Files\LSI SoftModem
    2015-04-30 15:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2015-04-30 15:43 - 2012-01-23 01:10 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Macromedia
    2015-04-30 15:38 - 2014-11-24 06:10 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2015-04-29 00:36 - 2012-01-23 02:04 - 00000000 ____D () C:\Users\kim\AppData\Local\Corel
    2015-04-27 23:24 - 2009-07-14 00:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-24 21:32 - 2012-12-19 09:54 - 00000562 _____ () C:\Windows\wininit.ini
    2015-04-24 11:56 - 2009-08-28 13:42 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
    2015-04-24 11:27 - 2015-01-19 08:17 - 324544126 _____ () C:\Windows\MEMORY.DMP
    2015-04-24 11:27 - 2014-11-27 16:49 - 00000000 ____D () C:\Windows\Minidump
    2015-04-23 18:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-22 04:58 - 2015-01-17 06:05 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-22 04:58 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-22 04:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-04-22 04:24 - 2012-03-24 18:54 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-04-21 23:55 - 2012-07-14 03:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-21 23:55 - 2012-07-14 03:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-21 23:55 - 2012-01-23 10:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    ==================== Files in the root of some directories =======
    2015-04-30 17:02 - 2015-04-30 17:02 - 0000083 _____ () C:\Program Files (x86)\Free Ride GamesGlobalTime.xml
    2014-11-07 07:46 - 2014-11-07 07:46 - 0008538 _____ () C:\Users\kim\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    2014-11-07 07:46 - 2014-11-07 07:46 - 0004210 _____ () C:\Users\kim\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    2014-11-07 07:46 - 2014-11-07 07:46 - 0000274 _____ () C:\Users\kim\AppData\Roaming\INSTALL_TOR.URL
    2014-04-14 20:52 - 2014-11-24 12:10 - 0000096 _____ () C:\Users\kim\AppData\Roaming\WB.CFG
    2012-10-02 16:10 - 2013-04-26 18:16 - 0000872 _____ () C:\Users\kim\AppData\Roaming\wklnhst.dat
    2015-01-24 09:24 - 2015-01-24 09:24 - 0000480 ____H () C:\Users\kim\AppData\Roaming\麽鎒駓覜
    2012-01-23 11:16 - 2013-02-24 01:03 - 0005632 _____ () C:\Users\kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-11-07 07:28 - 2014-11-07 07:28 - 0008538 _____ () C:\Users\kim\AppData\Local\DECRYPT_INSTRUCTION.HTML
    2014-11-07 07:28 - 2014-11-07 07:28 - 0004210 _____ () C:\Users\kim\AppData\Local\DECRYPT_INSTRUCTION.TXT
    2014-11-07 07:28 - 2014-11-07 07:28 - 0000274 _____ () C:\Users\kim\AppData\Local\INSTALL_TOR.URL
    2014-10-30 01:13 - 2014-10-30 01:13 - 0627688 _____ (CMI Limited) C:\Users\kim\AppData\Local\nsiABF0.tmp
    2012-01-23 12:09 - 2012-01-23 12:09 - 2010116 _____ () C:\Users\kim\AppData\Local\tmpCHRISTMAS%20AND%20JAN%202011-12%20044[1].0
    2012-01-23 12:09 - 2012-01-23 12:09 - 0745248 _____ () C:\Users\kim\AppData\Local\tmpCHRISTMAS%20AND%20JAN%202011-12%20044[1].JPG
    2012-01-23 02:03 - 2012-01-23 02:03 - 0000008 __RSH () C:\ProgramData\94830156DE.sys
    2015-01-24 09:24 - 2015-01-24 19:46 - 0000680 _____ () C:\ProgramData\@system.temp
    2015-01-24 09:24 - 2015-01-24 19:47 - 0000416 ____H () C:\ProgramData\@system3.att
    2014-11-06 21:42 - 2014-11-06 21:42 - 0008536 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
    2014-11-06 21:42 - 2014-11-06 21:42 - 0004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
    2014-11-06 21:42 - 2014-11-06 21:42 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL
    2012-01-23 02:03 - 2015-05-17 00:35 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-05-14 06:07
    ==================== End Of Log ============================
     
  5. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
    Ran by kim at 2015-05-17 20:30:59
    Running from C:\Users\kim\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2961242490-1984678187-2713381144-500 - Administrator - Disabled)
    Guest (S-1-5-21-2961242490-1984678187-2713381144-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2961242490-1984678187-2713381144-1002 - Limited - Enabled)
    kim (S-1-5-21-2961242490-1984678187-2713381144-1001 - Administrator - Enabled) => C:\Users\kim
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: AVG AntiVirus 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
    AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0000 - Corel Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    Delicious - Emily's New Beginning (HKLM-x32\...\Delicious - Emily's New Beginning) (Version: 32.0.0.0 - Shockwave.com)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
    Facebook Messenger 2.1.4651.0 (HKLM-x32\...\{17D26CDD-B87C-412B-92F0-2D5DD4313522}) (Version: 2.1.4651.0 - Facebook)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
    HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
    J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
    LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nancy Drew®: Ghost of Thornton Hall (HKLM-x32\...\Nancy Drew®: Ghost of Thornton Hall) (Version: 32.0.0.0 - Shockwave.com)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
    NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
    Paranormal Pursuit: The Gifted One (HKLM-x32\...\Paranormal Pursuit: The Gifted One) (Version: 32.0.0.0 - Shockwave.com)
    PDF Creator (HKLM\...\PDF Creator) (Version: - )
    PDF Creator Packages (HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\PDF Creator Packages) (Version: - ) <==== ATTENTION
    Playtopus (HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Playtopus) (Version: - Playtopus)
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
    The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
    The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
    The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Pets Create A Pet Demo (HKLM-x32\...\{F617CEFF-8242-42AF-95BE-2545DB029A0C}) (Version: 1.0.49 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> No File
    ==================== Restore Points =========================
    13-05-2015 03:00:55 Windows Update
    14-05-2015 16:14:50 AA11
    14-05-2015 16:39:55 Removed AVG 2015
    14-05-2015 16:51:16 Removed Google Earth.
    14-05-2015 17:12:09 LavasoftWeCompanion
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:34 - 2015-05-14 17:15 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {00C1826B-ED9B-4CA2-B1AC-882CDBD73B93} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {08191A59-E455-424E-B506-5B1D8BCBC6E8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {08644996-E83A-4F2C-9604-9FF3425CE188} - \APSnotifierPP2 No Task File <==== ATTENTION
    Task: {0A4C1CD1-E332-4727-B5FB-75869C677953} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
    Task: {125F7BE1-9569-4E67-9DA8-11532C2BC25F} - System32\Tasks\FastFix_Start => C:\Program Files (x86)\FastFixPRO\FastFix.exe
    Task: {15788A5F-0B50-42D1-8601-427E1950AC02} - System32\Tasks\4502 => Wscript.exe C:\Users\kim\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {190F1876-DB2E-4D61-BB47-1C2293D8BA53} - \APSnotifierPP3 No Task File <==== ATTENTION
    Task: {198D7C55-A8DF-408F-9192-A27F6A8E4C0A} - \APSnotifierPP1 No Task File <==== ATTENTION
    Task: {1DEB06CA-98AE-438A-B738-9750FCBDAEE9} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {1F076351-F9B6-4FB6-8830-A397259118A2} - System32\Tasks\{3BF2ADEE-F771-4A48-A9EA-5560C9BD5AA8} => C:\Windows\twain_32\escndv\escndv.exe
    Task: {21386CB3-E7BA-4161-9BF3-C52359C113E7} - System32\Tasks\{ECE68695-E75D-4734-893E-BB8A919E3534} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {274F6774-0902-437D-9E8C-9AD9518F3206} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {34926DE4-AC7B-4246-B5B3-F38A5C8454C8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
    Task: {352E1E9D-CEF4-4FE8-A7FD-980784EE8232} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {36055958-6EE7-413C-96DA-FA394EA06BA4} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
    Task: {38F04286-22B3-4D9C-89F7-44A835FB4C22} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {3AD4F317-BD64-477F-824E-2794BEF8AB93} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {3C543D29-2CC7-4AAB-BCBB-D52A7F22C359} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
    Task: {3D75EDD9-1462-4162-82C5-F84E002044DB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {3DD60D36-B595-495F-B9DC-9621215E1746} - \Security Center Update - 274607997 No Task File <==== ATTENTION
    Task: {44F01531-4044-45E3-9D6F-E0B4D2CCF8E1} - System32\Tasks\{F1B4CD66-3449-4737-A8B6-C95DB118C107} => C:\Program Files (x86)\Origin Games\The Sims 3 High End Loft Stuff\Game\Bin\Sims3Launcher.exe [2011-03-04] (EA.com)
    Task: {46583032-9DF6-44E6-8015-114D25A3AECC} - System32\Tasks\Quick PC Booster Idle => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {48519049-4C70-4221-B4A8-9189E0CAE0E7} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
    Task: {498ED48E-7ACE-4E9A-8D70-8D5CAC845BD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-05-05] (Microsoft)
    Task: {4ACAA56D-C73F-41C9-A00A-0BF80701CA0D} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {4C6510F9-F4F4-4264-A94F-09E889AB449C} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
    Task: {56BC60B7-E89D-4F36-9258-CF331288FEF7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {65105484-7252-4158-AC22-FD218335B11D} - System32\Tasks\vqppetc => C:\Users\kim\AppData\Local\Temp\frjiyte.exe <==== ATTENTION
    Task: {6D580A23-AF54-48F6-8B08-3265293E29BA} - System32\Tasks\{1A036A82-E2C9-45AE-ACA0-22CFC3558405} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {6DCB076A-4051-400F-B233-1D386D15F60B} - System32\Tasks\Component System\Component => C:\Users\kim\AppData\Local\Component\com.exe [2015-04-24] ()
    Task: {6F70C4D6-1ECC-4731-86D1-106831941809} - \Security Center Update - 1218260494 No Task File <==== ATTENTION
    Task: {72A22B08-F0CE-42FB-A4FB-A9187512231E} - \Security Center Update - 2904689137 No Task File <==== ATTENTION
    Task: {762459EF-2E4E-4D67-AA0C-22010C13D5D0} - \Security Center Update - 3835183481 No Task File <==== ATTENTION
    Task: {847C7CA8-9223-4A00-90E6-8CFB26A5696F} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
    Task: {85C64D47-91F8-4CBA-B5A3-B93E30611BE6} - System32\Tasks\{8964779D-21DC-4118-A065-0B1EF034066E} => C:\Windows\twain_32\escndv\escndv.exe
    Task: {8BA18D50-230D-4D64-8B54-711CBADD5B31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {92DABE9F-F699-40AF-A914-465AD90DAED4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {945D16B5-99E6-4DAC-BD55-997923FA050A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {94EBE53C-4F37-4765-BE8B-1998E2D62BA4} - System32\Tasks\{22D9C081-FEDB-4A45-A611-D5B3EE1E7B89} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {9C295586-EF20-4CCC-9F12-6D702481F892} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{1C62ECD6-1181-4821-8EB5-602E028955AB}.exe [2014-08-26] ()
    Task: {AB65994C-5D05-47AA-9069-19DC0B64192E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {B143F255-C415-4D80-9349-D355250BFE39} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {B629CD8C-E0F1-4753-B45C-2F40914FBBAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-05-05] (Microsoft)
    Task: {BE00BE14-FE2E-4AD1-A9B2-74B30A9C606F} - System32\Tasks\{1F07CF55-E70C-4398-8462-5449058EFEBF} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {BE0CBBFC-5AFE-4C08-AB09-F87CD548F7F2} - System32\Tasks\NSManager_1430452778 => C:\Users\kim\AppData\Local\NSManager\manager.exe
    Task: {C5472346-DDB8-4085-8F15-A846928D35A4} - System32\Tasks\Test TimeTrigger => C:\Users\kim\AppData\Local\Temp\Runner.exe <==== ATTENTION
    Task: {C65C0909-5300-4090-A127-F5678BA2A59A} - System32\Tasks\{BBC1BDC8-1647-4988-ACA7-35420BB30737} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\GUninstaller.exe" -c -uprtc -key "claro"
    Task: {C978A061-B19D-4ABA-BBCB-B23935C3C69B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
    Task: {D02FB06F-7167-4970-AA3E-CA3649D4A620} - System32\Tasks\RunAsStdUser Task => C:\Users\kim\AppData\Local\teeveewatchSA\bin\1.0.7.0\TeeveeWatchSA.exe
    Task: {D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5} - \Playtopus Updater No Task File <==== ATTENTION
    Task: {D631B6D8-9AF1-4762-89B7-BABE3503013E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {E121D5CA-35AB-48EA-BB6A-1C2ACF15CD67} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {E16FA49F-8AA0-4399-9A3C-573CB1667230} - \Security Center Update - 1709683685 No Task File <==== ATTENTION
    Task: {E3A31EB5-D6A6-441B-88CC-6706D6FBF250} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
    Task: {E4630C7A-F528-43B9-BFB4-EDDB67C5DF72} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {EC27A6BD-325F-4D33-B5D6-647E6457124A} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE} - \Security Center Update - 3354956722 No Task File <==== ATTENTION
    Task: {F26BD20C-5FC1-4D94-A483-F631960DA087} - System32\Tasks\HPCeeScheduleForkim => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
    Task: {F612B722-1803-4590-8AE2-3D9E8B7E9064} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
    Task: {F6DE250C-A27A-4440-AB15-274AA92DBC0B} - System32\Tasks\{EF2C254B-A5D0-4760-8DB6-ED2B764C4C70} => C:\Program Files (x86)\Shockwave.com\Echoes of Sorrow\Echoes of Sorrow.exe
    Task: {FD26037B-0A5A-4828-9D43-1683EFF451BA} - System32\Tasks\{7A2CA649-4586-42EB-AB94-4C64A9562D29} => C:\Windows\twain_32\escndv\escndv.exe
    Task: {FF4BA70B-4862-4E28-B195-6B07F4F7C36A} - System32\Tasks\FastFix_Popup => C:\Program Files (x86)\FastFixPRO\Splash.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForkim.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Quick PC Booster Idle.job => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    ==================== Loaded Modules (Whitelisted) ==============
    2013-02-04 18:54 - 2011-10-04 23:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
    2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-04-25 21:54 - 2014-04-25 21:54 - 02725912 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    2013-09-29 18:46 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2014-04-01 09:42 - 2014-04-01 09:42 - 00428416 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-09-29 18:46 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2009-07-15 19:51 - 2009-07-15 19:51 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-07-15 19:51 - 2009-07-15 19:51 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2012-07-14 03:25 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    2009-08-05 15:45 - 2009-08-05 15:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    AlternateDataStreams: C:\ProgramData\Temp:0CD2D17A
    AlternateDataStreams: C:\ProgramData\Temp:0E544CF5
    AlternateDataStreams: C:\ProgramData\Temp:1EB80F40
    AlternateDataStreams: C:\ProgramData\Temp:45A15C24
    AlternateDataStreams: C:\ProgramData\Temp:52454683
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\ProgramData\Temp:79FD1F58
    AlternateDataStreams: C:\ProgramData\Temp:969736FD
    AlternateDataStreams: C:\ProgramData\Temp:A6FD3255
    AlternateDataStreams: C:\ProgramData\Temp:AD5E6155
    AlternateDataStreams: C:\ProgramData\Temp:E3892B6D
    AlternateDataStreams: C:\ProgramData\Temp:E44513D0
    AlternateDataStreams: C:\ProgramData\Temp:E46A89F4
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news964078814
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages523453257
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-954496249
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends2073392651
    ==================== Safe Mode (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
    MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    MSCONFIG\startupreg: HP Remote Solution => C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: ospd_us_375 =>
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: SMessaging => C:\Users\kim\AppData\Local\Strongvault Online Backup\SMessaging.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    FirewallRules: [{4F658127-CD70-4417-9903-C6C43DE0BB81}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{C0BFDE56-F960-47FB-9397-3570E07CC8AE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{3B062AC2-0803-477D-A357-8EBC9B77D457}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{1F90B78A-BBF2-4311-8574-DC45D59555EA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{4A08F114-F335-4C6C-AC80-04D849CBE0CF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{5CA67BBF-E370-44AD-BF89-5C32A2AEFBA0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{70C2A7F6-811B-4317-9115-0DFE962D7FB4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{705DBBED-EEB4-43DB-BEBF-EE4285652C8D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
    FirewallRules: [{C4697B77-1A51-437A-BA0B-C8C8EDB7011D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
    FirewallRules: [{DC58B3DF-E9B1-4DEC-B7D9-1B76BCFFCBE8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
    FirewallRules: [{470A1FCC-A52C-4F7F-8F1D-4921C58760FF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    FirewallRules: [{0A1760BF-8253-4DE4-A679-2211D22974C8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{2F804FCB-26B6-423D-86EB-34ACC642F648}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
    FirewallRules: [{3194C969-9477-4618-B9AB-E72D2A4DA05A}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
    FirewallRules: [{E76047F4-845C-43AC-B11D-85635EA036EA}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
    FirewallRules: [{A70682CB-2AD5-486C-9475-3325DD36B30D}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
    FirewallRules: [{EF3C90D0-7F15-430C-B16F-199C42BB79E0}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
    FirewallRules: [{4FBD902F-4FDF-4D89-9744-97E5EBF053F5}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
    FirewallRules: [{59B14F81-F60B-41C7-8D57-E7D55270EEF7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{3EB4BBB0-1E4F-4C1A-B272-D0A2E8298027}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{026C4B4E-E107-486B-8C25-D61FD0A5F2CB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{42AEE30B-5EC1-4813-833D-FE632C5416A3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{BE1A5335-B742-44D8-9EF3-F0D3B0B70CF9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{91C7C665-AE3E-4489-AE1F-A4ADDB89BFE9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{503E5C57-44C4-4786-A467-83534CDDF0B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{F2D8DFEE-AB39-48D2-A9CA-CA8B186C3A90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{C47633E5-D8B7-46C8-9BBC-B79BBA90063C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{C49F0CB4-CEFC-43E0-A1DF-A3D4A09F7472}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{8915AF2D-9A81-4CBB-B9BE-1EA1B8FF1A43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{36FE6477-6AB0-48AB-990D-C44A9E814F29}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{396E20E6-50E1-4753-B8B1-8F60FA585E05}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{5F93780E-DFF4-430C-9AE4-53500A5359A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{F7731523-ADDC-4DCC-B14C-A6AE28765599}] => (Allow) C:\Users\kim\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe
    FirewallRules: [{1C02D719-4E95-4ED7-AEBB-233D6739D483}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    FirewallRules: [{6CFA9E6F-D636-4A05-A3D1-DFF6AD12EFFA}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    ==================== Faulty Device Manager Devices =============
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/17/2015 07:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: Flash64_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529e381
    Exception code: 0xc0000005
    Fault offset: 0x00000000008f316d
    Faulting process id: 0x378
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/17/2015 05:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/17/2015 05:14:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: MSHTML.dll, version: 11.0.9600.17801, time stamp: 0x55368224
    Exception code: 0xc0000005
    Fault offset: 0x000000000002ad94
    Faulting process id: 0xa98
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/16/2015 01:22:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: Flash64_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529e381
    Exception code: 0xc0000005
    Fault offset: 0x00000000008f316d
    Faulting process id: 0xcc0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/16/2015 02:04:38 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/15/2015 01:29:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: Flash64_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529e381
    Exception code: 0xc0000005
    Fault offset: 0x00000000008f31b7
    Faulting process id: 0xe28
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/15/2015 02:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000000000000000a
    Faulting process id: 0xf08
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/14/2015 08:49:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
    Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

    Details:
    Could not query the status of the EventSystem service.
    System Error:
    A system shutdown is in progress.
    .
    Error: (05/14/2015 04:40:28 PM) (Source: MsiInstaller) (EventID: 10005) (User: kim-PC)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.
    Error: (05/14/2015 01:53:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000417
    Fault offset: 0x0000000180035ef0
    Faulting process id: 0x2aa4
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    System errors:
    =============
    Error: (05/17/2015 03:45:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (05/17/2015 03:44:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
    Error: (05/17/2015 03:44:35 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:41:39 PM on 5/17/2015 was unexpected.
    Error: (05/16/2015 09:53:24 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    Error: (05/15/2015 07:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (05/15/2015 07:50:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
    Error: (05/15/2015 07:50:12 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:48:27 PM on 5/15/2015 was unexpected.
    Error: (05/15/2015 00:12:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 20.
    Error: (05/15/2015 06:25:09 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    Error: (05/15/2015 02:52:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.

    Microsoft Office Sessions:
    =========================
    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) II X2 215 Processor
    Percentage of memory in use: 47%
    Total physical RAM: 3838.49 MB
    Available physical RAM: 2006.52 MB
    Total Pagefile: 7675.19 MB
    Available Pagefile: 5126.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB
    ==================== Drives ================================
    Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:291.29 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  6. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello again sr300zx,

    Amongst other things your machine has a CryptoWall 2 infection.

    See the link below for a description:

    http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

    This is a nasty one. It deletes Win 7 backups (Shadow Volume Copies) so that System Restore cannot be used to recover the files using Shadow Volume Copies and it also securely deletes files so that programs like:

    R-Studio
    Photorec
    Recuva

    won't work in getting back infected files that have been deleted.

    Having said that, sometimes, for one reason or another the deletions don't work and it's worth a try to see if you can get them back. With programs like r-studio.com etc. it's important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.

    For now though let's see if we can get a list of the encrypted files and get rid of the active infections.

    Firstly

    To get a list of the encrypted files so that if sometime in the future a way to recover them is found you can find them.

    Go here to find instructions on how to download and use ListCWall.

    A log file named ListCWall.txt should be created and be located on your Windows desktop.

    Leave it there for now and continue with the next actions.

    Next

    Open notepad.

    Please copy the contents of the code box below.

    To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

    Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    Code:
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [{79406ACD-66EC-6BE8-4DC4-D4373DD7A514}] => C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4...=1233414094&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.safesear.ch/web/?type=201...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> DefaultScope {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?guid...k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {778370FA-7463-4DAF-A8B7-DAD43A9A3920} URL = http://search.yahoo.com/search?p={se...0,19853,0,18,0
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?guid...k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {9A85498F-6AA4-4FC0-9587-68A163876745} URL = http://search.yahoo.com/search?p={se...etb&type=11425
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: SelectionLinksBHO Class -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} -> C:\Program Files (x86)\OApps\SelectionLinks.dll No File
    BHO-x32: No Name -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
    DPF: HKLM-x32 {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/dia...eb.1.0.0.4.cab
    FF Plugin HKU\S-1-5-21-2961242490-1984678187-2713381144-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
    C:\Program Files (x86)\Free Ride Games
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    C:\ProgramData\Norton
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
    C:\Program Files (x86)\PremierOpinion
    C:\Program Files (x86)\Free Ride GamesGlobalTime.xml
    C:\Users\kim\AppData\Roaming\????
    C:\Users\kim\AppData\Local\nsiABF0.tmp
    C:\ProgramData\94830156DE.sys
    C:\ProgramData\@system.temp
    C:\ProgramData\@system3.att
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    AlternateDataStreams: C:\ProgramData\Temp:0CD2D17A
    AlternateDataStreams: C:\ProgramData\Temp:0E544CF5
    AlternateDataStreams: C:\ProgramData\Temp:1EB80F40
    AlternateDataStreams: C:\ProgramData\Temp:45A15C24
    AlternateDataStreams: C:\ProgramData\Temp:52454683
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\ProgramData\Temp:79FD1F58
    AlternateDataStreams: C:\ProgramData\Temp:969736FD
    AlternateDataStreams: C:\ProgramData\Temp:A6FD3255
    AlternateDataStreams: C:\ProgramData\Temp:AD5E6155
    AlternateDataStreams: C:\ProgramData\Temp:E3892B6D
    AlternateDataStreams: C:\ProgramData\Temp:E44513D0
    AlternateDataStreams: C:\ProgramData\Temp:E46A89F4
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news964078814
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages523453257
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-954496249
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends2073392651
    CMD: ipconfig /flushdns
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    Task: {08644996-E83A-4F2C-9604-9FF3425CE188} - \APSnotifierPP2 No Task File <==== ATTENTION
    Task: {15788A5F-0B50-42D1-8601-427E1950AC02} - System32\Tasks\4502 => Wscript.exe C:\Users\kim\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\launchie.vbs
    Task: {190F1876-DB2E-4D61-BB47-1C2293D8BA53} - \APSnotifierPP3 No Task File <==== ATTENTION
    Task: {198D7C55-A8DF-408F-9192-A27F6A8E4C0A} - \APSnotifierPP1 No Task File <==== ATTENTION
    Task: {36055958-6EE7-413C-96DA-FA394EA06BA4} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
    Task: {3DD60D36-B595-495F-B9DC-9621215E1746} - \Security Center Update - 274607997 No Task File <==== ATTENTION
    Task: {65105484-7252-4158-AC22-FD218335B11D} - System32\Tasks\vqppetc => C:\Users\kim\AppData\Local\Temp\frjiyte.exe <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\frjiyte.exe
    Task: {6F70C4D6-1ECC-4731-86D1-106831941809} - \Security Center Update - 1218260494 No Task File <==== ATTENTION
    Task: {72A22B08-F0CE-42FB-A4FB-A9187512231E} - \Security Center Update - 2904689137 No Task File <==== ATTENTION
    Task: {762459EF-2E4E-4D67-AA0C-22010C13D5D0} - \Security Center Update - 3835183481 No Task File <==== ATTENTION
    Task: {9C295586-EF20-4CCC-9F12-6D702481F892} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{1C62ECD6-1181-4821-8EB5-602E028955AB}.exe [2014-08-26] ()
    C:\ProgramData\Avg_Update_0814tb
    Task: {B143F255-C415-4D80-9349-D355250BFE39} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {C5472346-DDB8-4085-8F15-A846928D35A4} - System32\Tasks\Test TimeTrigger => C:\Users\kim\AppData\Local\Temp\Runner.exe <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\Runner.exe
    Task: {D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5} - \Playtopus Updater No Task File <==== ATTENTION
    Task: {E16FA49F-8AA0-4399-9A3C-573CB1667230} - \Security Center Update - 1709683685 No Task File <==== ATTENTION
    Task: {EC27A6BD-325F-4D33-B5D6-647E6457124A} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE} - \Security Center Update - 3354956722 No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar
    Task: C:\Windows\Tasks\Quick PC Booster Idle.job => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    C:\Program Files\Quick PC Booster
    FirewallRules: [{BE1A5335-B742-44D8-9EF3-F0D3B0B70CF9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{91C7C665-AE3E-4489-AE1F-A4ADDB89BFE9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{1C02D719-4E95-4ED7-AEBB-233D6739D483}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    FirewallRules: [{6CFA9E6F-D636-4A05-A3D1-DFF6AD12EFFA}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    EmptyTemp:
    
    This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    After that

    Please uninstall the following program that should now be visible in your uninstall list:

    Strongvault Online Backup

    Finally in this post

    Check the ListCWall.txt log on your desktop and see if it contains a list of the encrypted files.

    Then

    Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

    So when you return please post
    • Fixlog.txt
    • FRST.txt
    • Addition.txt
    • Tell me what ListCWall.txt contains
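
Added example, not part of emeraldnzl's post and not FRST's own logic: a first-pass triage of autostart lines in the FRST format seen in this thread, flagging entries that launch from user-writable directories, go through Windows Script Host, or are tasks with no task file. The line patterns and the three heuristics are assumptions drawn from the lines visible above; the sample lines are copied from the log and fixlist in this thread.

```python
import re

# Sample input: lines copied from the FRST log and fixlist posted in this thread.
SAMPLE = r"""
HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [{79406ACD-66EC-6BE8-4DC4-D4373DD7A514}] => C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
Task: {15788A5F-0B50-42D1-8601-427E1950AC02} - System32\Tasks\4502 => Wscript.exe C:\Users\kim\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {65105484-7252-4158-AC22-FD218335B11D} - System32\Tasks\vqppetc => C:\Users\kim\AppData\Local\Temp\frjiyte.exe <==== ATTENTION
Task: {D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5} - \Playtopus Updater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster Idle.job => C:\Program Files\Quick PC Booster\StartApps.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
FirewallRules: [{42AEE30B-5EC1-4813-833D-FE632C5416A3}] => (Allow) C:\Program Files (x86)\iTunes\iTunesHelper.exe
"""

# Autostart line shapes handled here (assumed from the lines in this thread).
PATTERNS = [
    ("run", re.compile(
        r"^(?:HKLM|HKU)[^ ]*\\Run(?:Once)?: \[(?P<name>.+?)\] =>\s*(?P<cmd>.*)$")),
    ("task", re.compile(r"^Task: (?P<name>.+?)(?: =>\s*(?P<cmd>.*))?$")),
    ("startup", re.compile(
        r"^MSCONFIG\\startupreg: (?P<name>.+?) =>\s*(?P<cmd>.*)$")),
]

# First drive-letter path in a command line that ends in an executable or script extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"<>|]*?\.(?:exe|dll|vbs|js|bat|cmd|scr)\b", re.I)
# Directories a standard user (and therefore user-level malware) can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData)\\", re.I)
# Command line that starts with wscript.exe or cscript.exe.
SCRIPT_HOST = re.compile(
    r'^"?(?:[A-Za-z]:\\Windows\\(?:System32|SysWOW64)\\)?(?:wscript|cscript)\.exe\b',
    re.I)
# FRST's own trailing marker, stripped before parsing.
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION!?\s*$")


def parse_line(line):
    """Return kind, name, command and target path for an autostart line, else None."""
    line = ATTENTION.sub("", line.strip())
    for kind, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            cmd = (match.group("cmd") or "").strip()
            path = PATH_RE.search(cmd)
            return {
                "kind": kind,
                "name": match.group("name"),
                "cmd": cmd,
                "path": path.group(0) if path else None,
            }
    return None  # not an autostart entry (for example, a FirewallRules line)


def assess(entry):
    """List the heuristic reasons an entry deserves a closer look."""
    reasons = []
    if entry["path"] and USER_WRITABLE.search(entry["path"]):
        reasons.append("target in user-writable directory")
    if SCRIPT_HOST.match(entry["cmd"]):
        reasons.append("launched through Windows Script Host")
    if entry["kind"] == "task" and "No Task File" in entry["name"]:
        reasons.append("task registered without a task file")
    return reasons


def triage(text):
    """Parse every line and keep the entries with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item["kind"], "|", item["path"] or item["name"], "|",
              "; ".join(item["reasons"]))
```

The Quick PC Booster task is not flagged by these path heuristics even though the fixlist above removes it, so output like this is a starting point for review and not a removal list.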
     
  7. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
    Ran by kim at 2015-05-17 23:44:37 Run:1
    Running from C:\Users\kim\Desktop
    Loaded Profiles: kim (Available profiles: kim)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [{79406ACD-66EC-6BE8-4DC4-D4373DD7A514}] => C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4...=1233414094&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.safesear.ch/web/?type=201...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> DefaultScope {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?guid...k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {778370FA-7463-4DAF-A8B7-DAD43A9A3920} URL = http://search.yahoo.com/search?p={se...0,19853,0,18,0
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?guid...k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {9A85498F-6AA4-4FC0-9587-68A163876745} URL = http://search.yahoo.com/search?p={se...etb&type=11425
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: SelectionLinksBHO Class -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} -> C:\Program Files (x86)\OApps\SelectionLinks.dll No File
    BHO-x32: No Name -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
    DPF: HKLM-x32 {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/dia...eb.1.0.0.4.cab
    FF Plugin HKU\S-1-5-21-2961242490-1984678187-2713381144-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
    C:\Program Files (x86)\Free Ride Games
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    C:\ProgramData\Norton
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
    C:\Program Files (x86)\PremierOpinion
    C:\Program Files (x86)\Free Ride GamesGlobalTime.xml
    C:\Users\kim\AppData\Roaming\????
    C:\Users\kim\AppData\Local\nsiABF0.tmp
    C:\ProgramData\94830156DE.sys
    C:\ProgramData\@system.temp
    C:\ProgramData\@system3.att
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    AlternateDataStreams: C:\ProgramData\Temp:0CD2D17A
    AlternateDataStreams: C:\ProgramData\Temp:0E544CF5
    AlternateDataStreams: C:\ProgramData\Temp:1EB80F40
    AlternateDataStreams: C:\ProgramData\Temp:45A15C24
    AlternateDataStreams: C:\ProgramData\Temp:52454683
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\ProgramData\Temp:79FD1F58
    AlternateDataStreams: C:\ProgramData\Temp:969736FD
    AlternateDataStreams: C:\ProgramData\Temp:A6FD3255
    AlternateDataStreams: C:\ProgramData\Temp:AD5E6155
    AlternateDataStreams: C:\ProgramData\Temp:E3892B6D
    AlternateDataStreams: C:\ProgramData\Temp:E44513D0
    AlternateDataStreams: C:\ProgramData\Temp:E46A89F4
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news964078814
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages523453257
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-954496249
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends2073392651
    CMD: ipconfig /flushdns
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    Task: {08644996-E83A-4F2C-9604-9FF3425CE188} - \APSnotifierPP2 No Task File <==== ATTENTION
    Task: {15788A5F-0B50-42D1-8601-427E1950AC02} - System32\Tasks\4502 => Wscript.exe C:\Users\kim\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\launchie.vbs
    Task: {190F1876-DB2E-4D61-BB47-1C2293D8BA53} - \APSnotifierPP3 No Task File <==== ATTENTION
    Task: {198D7C55-A8DF-408F-9192-A27F6A8E4C0A} - \APSnotifierPP1 No Task File <==== ATTENTION
    Task: {36055958-6EE7-413C-96DA-FA394EA06BA4} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
    Task: {3DD60D36-B595-495F-B9DC-9621215E1746} - \Security Center Update - 274607997 No Task File <==== ATTENTION
    Task: {65105484-7252-4158-AC22-FD218335B11D} - System32\Tasks\vqppetc => C:\Users\kim\AppData\Local\Temp\frjiyte.exe <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\frjiyte.exe
    Task: {6F70C4D6-1ECC-4731-86D1-106831941809} - \Security Center Update - 1218260494 No Task File <==== ATTENTION
    Task: {72A22B08-F0CE-42FB-A4FB-A9187512231E} - \Security Center Update - 2904689137 No Task File <==== ATTENTION
    Task: {762459EF-2E4E-4D67-AA0C-22010C13D5D0} - \Security Center Update - 3835183481 No Task File <==== ATTENTION
    Task: {9C295586-EF20-4CCC-9F12-6D702481F892} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{1C62ECD6-1181-4821-8EB5-602E028955AB}.exe [2014-08-26] ()
    C:\ProgramData\Avg_Update_0814tb
    Task: {B143F255-C415-4D80-9349-D355250BFE39} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {C5472346-DDB8-4085-8F15-A846928D35A4} - System32\Tasks\Test TimeTrigger => C:\Users\kim\AppData\Local\Temp\Runner.exe <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\Runner.exe
    Task: {D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5} - \Playtopus Updater No Task File <==== ATTENTION
    Task: {E16FA49F-8AA0-4399-9A3C-573CB1667230} - \Security Center Update - 1709683685 No Task File <==== ATTENTION
    Task: {EC27A6BD-325F-4D33-B5D6-647E6457124A} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE} - \Security Center Update - 3354956722 No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar
    Task: C:\Windows\Tasks\Quick PC Booster Idle.job => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    C:\Program Files\Quick PC Booster
    FirewallRules: [{BE1A5335-B742-44D8-9EF3-F0D3B0B70CF9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{91C7C665-AE3E-4489-AE1F-A4ADDB89BFE9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{1C02D719-4E95-4ED7-AEBB-233D6739D483}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    FirewallRules: [{6CFA9E6F-D636-4A05-A3D1-DFF6AD12EFFA}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    EmptyTemp:
    *****************
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{79406ACD-66EC-6BE8-4DC4-D4373DD7A514} => value deleted successfully.
    "C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe" => File/Directory not found.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}" => Key deleted successfully.
    HKCR\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}" => Key deleted successfully.
    HKCR\CLSID\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => Key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
    HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98}" => Key deleted successfully.
    HKCR\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{778370FA-7463-4DAF-A8B7-DAD43A9A3920}" => Key deleted successfully.
    HKCR\CLSID\{778370FA-7463-4DAF-A8B7-DAD43A9A3920} => Key not found.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E444261-4465-4F61-8080-760B12A51476}" => Key deleted successfully.
    HKCR\CLSID\{8E444261-4465-4F61-8080-760B12A51476} => Key not found.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A85498F-6AA4-4FC0-9587-68A163876745}" => Key deleted successfully.
    HKCR\CLSID\{9A85498F-6AA4-4FC0-9587-68A163876745} => Key not found.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321}" => Key deleted successfully.
    HKCR\CLSID\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => Key not found.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}" => Key deleted successfully.
    HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{2D168880-539F-4967-BA11-F7C2862B9E1D}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{2D168880-539F-4967-BA11-F7C2862B9E1D}" => Key deleted successfully.
    "HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\MozillaPlugins\www.exent.com/GameTreatWidget" => Key deleted successfully.
    C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll not found.
    "C:\Program Files (x86)\Free Ride Games" => File/Directory not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => value deleted successfully.
    C:\ProgramData\Norton => Moved successfully.
    PremierOpinion => Service deleted successfully.
    "C:\Program Files (x86)\PremierOpinion" => File/Directory not found.
    C:\Program Files (x86)\Free Ride GamesGlobalTime.xml => Moved successfully.
    "C:\Users\kim\AppData\Roaming\????" directory move:
    Could not move "C:\Users\kim\AppData\Roaming\????" directory. => Scheduled to move on reboot.
    C:\Users\kim\AppData\Local\nsiABF0.tmp => Moved successfully.
    C:\ProgramData\94830156DE.sys => Moved successfully.
    C:\ProgramData\@system.temp => Moved successfully.
    C:\ProgramData\@system3.att => Moved successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
    C:\ProgramData\Temp => ":0CD2D17A" ADS removed successfully.
    C:\ProgramData\Temp => ":0E544CF5" ADS removed successfully.
    C:\ProgramData\Temp => ":1EB80F40" ADS removed successfully.
    C:\ProgramData\Temp => ":45A15C24" ADS removed successfully.
    C:\ProgramData\Temp => ":52454683" ADS removed successfully.
    C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
    C:\ProgramData\Temp => ":79FD1F58" ADS removed successfully.
    C:\ProgramData\Temp => ":969736FD" ADS removed successfully.
    C:\ProgramData\Temp => ":A6FD3255" ADS removed successfully.
    C:\ProgramData\Temp => ":AD5E6155" ADS removed successfully.
    C:\ProgramData\Temp => ":E3892B6D" ADS removed successfully.
    C:\ProgramData\Temp => ":E44513D0" ADS removed successfully.
    C:\ProgramData\Temp => ":E46A89F4" ADS removed successfully.
    C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_0news964078814" ADS removed successfully.
    C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_1messages523453257" ADS removed successfully.
    C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_2events-954496249" ADS removed successfully.
    C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_3friends2073392651" ADS removed successfully.
    ========= ipconfig /flushdns =========

    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========= End of CMD: =========
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}\\SystemComponent => value deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08644996-E83A-4F2C-9604-9FF3425CE188}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08644996-E83A-4F2C-9604-9FF3425CE188}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15788A5F-0B50-42D1-8601-427E1950AC02}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15788A5F-0B50-42D1-8601-427E1950AC02}" => Key deleted successfully.
    C:\Windows\System32\Tasks\4502 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4502" => Key deleted successfully.
    "C:\Users\kim\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{190F1876-DB2E-4D61-BB47-1C2293D8BA53}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190F1876-DB2E-4D61-BB47-1C2293D8BA53}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{198D7C55-A8DF-408F-9192-A27F6A8E4C0A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198D7C55-A8DF-408F-9192-A27F6A8E4C0A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36055958-6EE7-413C-96DA-FA394EA06BA4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36055958-6EE7-413C-96DA-FA394EA06BA4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DD60D36-B595-495F-B9DC-9621215E1746}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD60D36-B595-495F-B9DC-9621215E1746}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 274607997" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65105484-7252-4158-AC22-FD218335B11D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65105484-7252-4158-AC22-FD218335B11D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\vqppetc => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vqppetc" => Key deleted successfully.
    "C:\Users\kim\AppData\Local\Temp\frjiyte.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F70C4D6-1ECC-4731-86D1-106831941809}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F70C4D6-1ECC-4731-86D1-106831941809}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1218260494" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72A22B08-F0CE-42FB-A4FB-A9187512231E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A22B08-F0CE-42FB-A4FB-A9187512231E}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2904689137" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{762459EF-2E4E-4D67-AA0C-22010C13D5D0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762459EF-2E4E-4D67-AA0C-22010C13D5D0}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3835183481" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C295586-EF20-4CCC-9F12-6D702481F892}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C295586-EF20-4CCC-9F12-6D702481F892}" => Key deleted successfully.
    C:\Windows\System32\Tasks\0814tbUpdateInfo => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814tbUpdateInfo" => Key deleted successfully.
    C:\ProgramData\Avg_Update_0814tb => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B143F255-C415-4D80-9349-D355250BFE39}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B143F255-C415-4D80-9349-D355250BFE39}" => Key deleted successfully.
    C:\Windows\System32\Tasks\0 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5472346-DDB8-4085-8F15-A846928D35A4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5472346-DDB8-4085-8F15-A846928D35A4}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
    "C:\Users\kim\AppData\Local\Temp\Runner.exe" => File/Directory not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Playtopus Updater" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E16FA49F-8AA0-4399-9A3C-573CB1667230}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E16FA49F-8AA0-4399-9A3C-573CB1667230}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1709683685" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC27A6BD-325F-4D33-B5D6-647E6457124A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC27A6BD-325F-4D33-B5D6-647E6457124A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3354956722" => Key deleted successfully.
    C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => Moved successfully.
    C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => Moved successfully.
    C:\Program Files (x86)\AVG SafeGuard toolbar => Moved successfully.
    C:\Windows\Tasks\Quick PC Booster Idle.job => Moved successfully.
    C:\Windows\Tasks\Quick PC Booster64 startups.job => Moved successfully.
    C:\Program Files\Quick PC Booster => Moved successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE1A5335-B742-44D8-9EF3-F0D3B0B70CF9} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91C7C665-AE3E-4489-AE1F-A4ADDB89BFE9} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C02D719-4E95-4ED7-AEBB-233D6739D483} => value deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CFA9E6F-D636-4A05-A3D1-DFF6AD12EFFA} => value deleted successfully.
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-18 01:30:16)<=
    ==> ATTENTION: System is not rebooted.
    "C:\Users\kim\AppData\Roaming\????" => Could not move.
    ==== End of Fixlog 01:30:16 ====
     
  8. sr300zx

    sr300zx Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
    Ran by kim (administrator) on KIM-PC on 18-05-2015 01:34:41
    Running from C:\Users\kim\Desktop
    Loaded Profiles: kim (Available profiles: kim)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
    (iWin Inc.) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4759896 2014-04-01] (PC Drivers Headquarters)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [BRS] => C:\Program Files (x86)\Groovorio\BRS\brs.exe -runBRS
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [GoogleUpdate] => C:\Users\kim\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [USB Adapter Updater] => "C:\ProgramData\USB Adapter Updater\bjrwzmzis.exe"
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864 2015-02-02] (Microsoft Corporation)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    SearchScopes: HKLM -> DefaultScope {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {5BA5F6EE-0B24-4C4E-B239-9258741550EF} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-04-14] (Sun Microsystems, Inc.)
    Toolbar: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2014-04-14] (Sun Microsystems, Inc.)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-02-24] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-02-24] (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-24]
    FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 6052424\extensions\{[email protected]}
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM-x32\...\Firefox\Extensions: [{[email protected]}] - 1\extensions\{[email protected]}
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    Chrome:
    =======
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\kim\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [Not Found]
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [joefoganpblmedgjeigepgjfikhhdnnj] - https://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
    R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-09] (Hewlett-Packard) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-03] (Electronic Arts)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-17 23:41 - 2015-05-17 23:41 - 00008095 _____ () C:\Users\kim\Desktop\fixlist.txt
    2015-05-17 23:39 - 2015-05-17 23:39 - 00000914 _____ () C:\Users\kim\Desktop\ListCWall.txt
    2015-05-17 23:35 - 2015-05-17 23:35 - 00001421 _____ () C:\Users\Public\Desktop\Dark Strokes - The Legend of the Snow Kingdom.lnk
    2015-05-17 20:30 - 2015-05-17 20:31 - 00045542 _____ () C:\Users\kim\Desktop\Addition.txt
    2015-05-17 20:29 - 2015-05-18 01:34 - 00013198 _____ () C:\Users\kim\Desktop\FRST.txt
    2015-05-17 20:29 - 2015-05-17 20:29 - 02107392 _____ (Farbar) C:\Users\kim\Desktop\FRST64.exe
    2015-05-17 20:29 - 2015-05-17 20:29 - 01146368 _____ (Farbar) C:\Users\kim\Desktop\FRST.exe
    2015-05-17 00:36 - 2015-05-17 23:35 - 00001861 _____ () C:\Users\Public\Desktop\Shockwave Games.lnk
    2015-05-17 00:36 - 2015-05-17 00:36 - 00001321 _____ () C:\Users\Public\Desktop\Nancy Drew - Ghost of Thornton Hall.lnk
    2015-05-14 20:53 - 2015-05-17 15:44 - 00003332 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    2015-05-14 19:14 - 2015-05-18 01:34 - 00000000 ____D () C:\FRST
    2015-05-14 19:11 - 2015-05-14 19:11 - 02744965 _____ () C:\Users\kim\Downloads\idtool (1).zip
    2015-05-14 19:10 - 2015-05-14 19:10 - 02744965 _____ () C:\Users\kim\Downloads\idtool.zip
    2015-05-14 18:23 - 2015-05-14 19:33 - 00025443 _____ () C:\Users\kim\Desktop\avgrep.txt
    2015-05-13 15:16 - 2015-05-17 15:44 - 00003194 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    2015-05-13 15:14 - 2015-05-13 15:14 - 00000164 _____ () C:\Windows\install.dat
    2015-05-13 15:14 - 2015-05-13 15:14 - 00000000 ____D () C:\Program Files (x86)\Webroot
    2015-05-13 15:08 - 2015-05-13 15:08 - 00000000 ____D () C:\ProgramData\Licenses
    2015-05-13 03:04 - 2015-05-01 08:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 03:04 - 2015-05-01 08:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-12 16:06 - 2015-05-04 20:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-12 16:06 - 2015-05-04 20:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-05-12 16:06 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-12 16:06 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-05-12 16:05 - 2015-04-27 14:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-12 16:05 - 2015-04-27 14:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-12 16:05 - 2015-04-27 14:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-12 16:05 - 2015-04-27 14:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-05-12 16:05 - 2015-04-27 14:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-05-12 16:05 - 2015-04-27 14:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-12 16:05 - 2015-04-27 14:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-05-12 16:05 - 2015-04-27 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-12 16:05 - 2015-04-27 14:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-12 16:05 - 2015-04-27 14:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 14:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-05-12 16:05 - 2015-04-27 14:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-05-12 16:05 - 2015-04-27 14:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-05-12 16:05 - 2015-04-27 14:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-05-12 16:05 - 2015-04-27 14:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-05-12 16:05 - 2015-04-27 14:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-05-12 16:05 - 2015-04-27 14:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-05-12 16:05 - 2015-04-27 14:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-05-12 16:05 - 2015-04-27 14:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-05-12 16:05 - 2015-04-27 14:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-05-12 16:05 - 2015-04-27 14:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-05-12 16:05 - 2015-04-27 14:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-05-12 16:05 - 2015-04-27 14:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 13:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-05-12 16:05 - 2015-04-27 12:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-05-12 16:05 - 2015-04-27 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-05-12 16:05 - 2015-04-27 12:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 12:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 12:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-27 12:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-05-12 16:05 - 2015-04-21 21:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-12 16:05 - 2015-04-21 20:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-05-12 16:05 - 2015-04-21 12:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-12 16:05 - 2015-04-21 12:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-12 16:05 - 2015-04-21 12:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-12 16:05 - 2015-04-21 11:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-12 16:05 - 2015-04-21 11:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-12 16:05 - 2015-04-21 11:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-12 16:05 - 2015-04-21 11:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-12 16:05 - 2015-04-21 11:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-12 16:05 - 2015-04-21 11:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-12 16:05 - 2015-04-21 11:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-12 16:05 - 2015-04-21 11:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-12 16:05 - 2015-04-21 11:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-12 16:05 - 2015-04-21 11:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-12 16:05 - 2015-04-21 11:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-12 16:05 - 2015-04-21 11:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-12 16:05 - 2015-04-21 11:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-12 16:05 - 2015-04-21 11:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-12 16:05 - 2015-04-21 11:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-12 16:05 - 2015-04-21 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-05-12 16:05 - 2015-04-21 11:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-05-12 16:05 - 2015-04-21 11:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-12 16:05 - 2015-04-21 11:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-12 16:05 - 2015-04-21 11:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-05-12 16:05 - 2015-04-21 11:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-05-12 16:05 - 2015-04-21 11:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-05-12 16:05 - 2015-04-21 11:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-05-12 16:05 - 2015-04-21 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-12 16:05 - 2015-04-21 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-12 16:05 - 2015-04-21 11:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-05-12 16:05 - 2015-04-21 11:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-12 16:05 - 2015-04-21 11:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-05-12 16:05 - 2015-04-21 11:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-05-12 16:05 - 2015-04-21 11:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-05-12 16:05 - 2015-04-21 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-05-12 16:05 - 2015-04-21 10:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-05-12 16:05 - 2015-04-21 10:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-05-12 16:05 - 2015-04-21 10:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-05-12 16:05 - 2015-04-21 10:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-12 16:05 - 2015-04-21 10:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-12 16:05 - 2015-04-21 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-05-12 16:05 - 2015-04-21 10:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-12 16:05 - 2015-04-21 10:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-12 16:05 - 2015-04-21 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-05-12 16:05 - 2015-04-21 10:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-12 16:05 - 2015-04-21 10:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-05-12 16:05 - 2015-04-21 10:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-05-12 16:05 - 2015-04-21 10:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-05-12 16:05 - 2015-04-21 10:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-05-12 16:05 - 2015-04-21 10:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-12 16:05 - 2015-04-21 10:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-05-12 16:05 - 2015-04-21 10:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-05-12 16:05 - 2015-04-21 10:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-05-12 16:05 - 2015-04-21 10:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-05-12 16:05 - 2015-04-21 10:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-12 16:05 - 2015-04-21 10:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-12 16:05 - 2015-04-21 10:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-05-12 16:05 - 2015-04-21 09:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-05-12 16:05 - 2015-04-21 09:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-05-12 16:05 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-12 16:04 - 2015-04-19 22:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-12 16:04 - 2015-04-19 22:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-12 16:04 - 2015-04-19 21:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-05-12 16:04 - 2015-04-19 21:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-12 16:04 - 2015-04-07 22:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-12 16:04 - 2015-04-07 22:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-12 16:04 - 2015-04-07 22:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-05-12 16:04 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-12 16:04 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-12 16:04 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-12 16:04 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-12 16:04 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
    2015-05-12 16:04 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
    2015-05-12 16:04 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
    2015-05-12 16:04 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-05-12 16:04 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-12 16:04 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-12 16:04 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
    2015-05-10 20:22 - 2015-05-10 20:22 - 00000000 ____D () C:\Users\kim\AppData\Roaming\AlawarEntertainment
    2015-05-10 20:07 - 2015-05-10 20:07 - 00001321 _____ () C:\Users\Public\Desktop\Paranormal Pursuit - The Gifted One.lnk
    2015-05-10 15:42 - 2015-05-10 15:42 - 00003006 _____ () C:\Windows\System32\Tasks\{EF2C254B-A5D0-4760-8DB6-ED2B764C4C70}
    2015-05-10 14:49 - 2015-05-10 14:49 - 00000000 ____D () C:\Users\Public\Documents\BlitPop
    2015-05-03 16:44 - 2015-05-03 16:45 - 00000000 ____D () C:\Users\kim\AppData\Local\Origin
    2015-05-03 16:43 - 2015-05-03 16:43 - 00000945 _____ () C:\Users\Public\Desktop\Origin.lnk
    2015-05-03 16:43 - 2015-05-03 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2015-05-02 22:22 - 2015-05-02 22:22 - 00000136 _____ () C:\Users\kim\Desktop\The Sims™ 3 Ambitions - Shortcut.lnk
    2015-05-02 22:22 - 2015-05-02 22:22 - 00000136 _____ () C:\Users\kim\Desktop\The Sims™ 3 - Shortcut.lnk
    2015-05-01 22:52 - 2015-05-01 22:52 - 00753184 _____ () C:\Users\kim\Downloads\Adware-Removal-Tool-v3.9.1.exe
    2015-05-01 22:52 - 2015-05-01 22:52 - 00753184 _____ () C:\Users\kim\Downloads\Adware-Removal-Tool-v3.9.1 (1).exe
    2015-04-30 19:00 - 2015-05-01 00:47 - 00000000 ____D () C:\Program Files (x86)\NpackdDetected
    2015-04-30 15:55 - 2015-05-04 18:48 - 00000000 ____D () C:\ProgramData\PlayFirst
    2015-04-30 15:54 - 2015-04-30 15:54 - 00000064 _____ () C:\Windows\GPlrLanc.dat
    2015-04-30 15:53 - 2015-05-14 16:59 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
    2015-04-30 15:51 - 2015-04-30 15:51 - 00000573 _____ () C:\Users\kim\Downloads\hoteldash-setup.website
    2015-04-30 15:43 - 2015-05-04 18:48 - 00000000 ____D () C:\Users\kim\AppData\Roaming\PlayFirst
    2015-04-30 15:43 - 2015-04-30 15:43 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2015-04-30 15:41 - 2015-05-01 18:34 - 00000000 ____D () C:\Users\kim\AppData\Local\NSManager
    2015-04-30 15:41 - 2015-05-01 17:39 - 00000000 ____D () C:\Program Files (x86)\Simple
    2015-04-30 15:41 - 2015-05-01 10:18 - 00000000 ____D () C:\ProgramData\Npackd
    2015-04-30 15:41 - 2015-04-30 15:41 - 00003218 _____ () C:\Windows\System32\Tasks\NSManager_1430452778
    2015-04-30 15:41 - 2015-04-30 15:41 - 00000000 ____D () C:\Windows\System32\Tasks\Component System
    2015-04-30 15:41 - 2015-04-30 15:41 - 00000000 ____D () C:\Users\kim\AppData\Local\Component
    2015-04-30 15:41 - 2015-04-30 15:41 - 00000000 ____D () C:\Program Files (x86)\NpackdCL
    2015-04-30 15:40 - 2015-05-01 17:37 - 00000000 ____D () C:\Program Files (x86)\Like
    2015-04-30 15:40 - 2015-04-30 15:41 - 00000258 __RSH () C:\Users\kim\ntuser.pol
    2015-04-30 15:40 - 2015-04-30 15:40 - 00002157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
    2015-04-30 15:39 - 2015-04-30 15:41 - 00000000 ____D () C:\Users\kim\AppData\Local\Fast Browser
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002191 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002161 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002159 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
    2015-04-30 15:39 - 2015-04-30 15:39 - 00002157 _____ () C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
    2015-04-28 21:18 - 2015-05-16 21:22 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkim
    2015-04-28 21:18 - 2015-05-16 21:22 - 00000326 _____ () C:\Windows\Tasks\HPCeeScheduleForkim.job
    2015-04-25 20:34 - 2015-04-25 20:34 - 00001301 _____ () C:\Users\Public\Desktop\Delicious - Emily's New Beginning.lnk
    2015-04-24 12:41 - 2015-05-01 23:21 - 00000000 ____D () C:\Program Files\CCleaner
    2015-04-24 12:41 - 2015-04-24 12:41 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-04-24 11:27 - 2015-04-24 11:27 - 01701504 _____ () C:\Windows\Minidump\042415-54225-01.dmp
    2015-04-22 04:58 - 2015-04-22 05:02 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-22 04:58 - 2015-04-22 04:58 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-22 01:28 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-22 01:28 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-22 01:28 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-22 01:28 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-22 01:27 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-22 01:27 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-22 01:27 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-22 01:27 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-22 01:27 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-22 01:27 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-22 01:26 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-22 01:26 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-22 01:26 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-22 01:26 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-22 01:26 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-22 01:26 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-22 01:22 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-22 01:15 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-22 01:15 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-22 01:15 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-22 00:16 - 2015-04-22 00:16 - 00000288 _____ () C:\prefs.js
    2015-04-22 00:16 - 2015-04-22 00:16 - 00000000 ____D () C:\Users\kim\AppData\Roaming\LavasoftStatistics
    2015-04-22 00:16 - 2015-04-22 00:16 - 00000000 ____D () C:\searchplugins
    2015-04-22 00:13 - 2015-03-12 11:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
    2015-04-22 00:12 - 2015-03-12 11:58 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
    2015-04-22 00:09 - 2015-04-22 00:09 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
    2015-04-22 00:01 - 2015-04-22 00:01 - 00000000 ____D () C:\Program Files\Lavasoft
    2015-04-21 23:53 - 2015-04-21 23:53 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2015-04-21 23:21 - 2015-05-17 22:45 - 00003354 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    2015-04-21 23:21 - 2015-05-17 22:45 - 00003216 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-18 00:53 - 2012-07-14 03:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-18 00:49 - 2012-11-25 06:58 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{39643EC9-919A-40EA-8AAB-7FAB555FA1E3}
    2015-05-18 00:14 - 2012-01-23 13:05 - 01450835 _____ () C:\Windows\WindowsUpdate.log
    2015-05-17 23:44 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-05-17 23:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2015-05-17 23:35 - 2014-03-06 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave.com
    2015-05-17 23:35 - 2014-03-06 22:25 - 00000000 ____D () C:\Program Files (x86)\Shockwave.com
    2015-05-17 22:52 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-17 22:52 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-17 22:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-17 22:44 - 2009-07-13 23:51 - 00069440 _____ () C:\Windows\setupact.log
    2015-05-17 15:49 - 2015-01-20 16:21 - 00000000 ____D () C:\ProgramData\MFAData
    2015-05-17 00:35 - 2012-01-23 02:03 - 00002516 ___SH () C:\ProgramData\KGyGaAvL.sys
    2015-05-17 00:35 - 2012-01-23 01:57 - 00000000 ____D () C:\Users\kim\Documents\My PSP Files
    2015-05-16 21:59 - 2012-01-26 10:35 - 00000000 ____D () C:\ProgramData\Origin
    2015-05-14 21:35 - 2012-09-25 21:24 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-14 18:00 - 2015-01-23 14:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-14 17:18 - 2009-08-28 13:33 - 00822160 _____ () C:\Windows\PFRO.log
    2015-05-14 17:15 - 2012-07-14 03:25 - 00000000 ____D () C:\ProgramData\Yahoo!
    2015-05-14 17:15 - 2012-07-14 03:23 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
    2015-05-14 01:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-05-13 15:14 - 2009-08-28 13:42 - 00000000 ____D () C:\ProgramData\Temp
    2015-05-13 15:14 - 2009-07-13 21:34 - 00000617 _____ () C:\Windows\win.ini
    2015-05-13 09:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-05-13 08:24 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-13 08:18 - 2009-07-13 23:45 - 00351680 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-13 08:17 - 2013-08-25 01:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2015-05-13 08:17 - 2013-08-25 01:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2015-05-13 07:35 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-13 07:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-13 03:16 - 2014-04-14 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-05-13 03:15 - 2014-01-18 14:10 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-13 03:10 - 2014-01-18 14:10 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-13 03:04 - 2013-08-25 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-05-12 21:22 - 2012-02-08 07:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-05-12 21:21 - 2012-02-08 07:40 - 00000000 ____D () C:\Users\kim\AppData\Roaming\HpUpdate
    2015-05-12 13:01 - 2012-01-23 13:05 - 00000000 ____D () C:\Users\kim
    2015-05-08 21:55 - 2012-01-23 13:08 - 00085976 _____ () C:\Users\kim\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-03 16:44 - 2012-01-26 10:34 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-05-02 21:41 - 2014-03-09 12:31 - 00000000 ____D () C:\ProgramData\Gogii
    2015-05-01 23:27 - 2014-04-14 19:52 - 00000000 ____D () C:\Program Files (x86)\Product Support
    2015-05-01 17:53 - 2009-08-28 13:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-05-01 17:13 - 2012-01-23 13:09 - 00000000 ____D () C:\Users\kim\AppData\Local\VirtualStore
    2015-04-30 19:00 - 2015-01-23 14:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-30 19:00 - 2014-04-14 21:18 - 00000000 ____D () C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
    2015-04-30 19:00 - 2013-10-28 18:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-04-30 19:00 - 2013-10-28 18:06 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2015-04-30 19:00 - 2012-12-19 09:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2015-04-30 19:00 - 2009-08-28 14:01 - 00000000 ____D () C:\Program Files (x86)\HP Games
    2015-04-30 19:00 - 2009-08-28 13:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2015-04-30 19:00 - 2009-08-28 13:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2015-04-30 19:00 - 2009-08-28 13:31 - 00000000 ____D () C:\Program Files\LSI SoftModem
    2015-04-30 15:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2015-04-30 15:43 - 2012-01-23 01:10 - 00000000 ____D () C:\Users\kim\AppData\Roaming\Macromedia
    2015-04-30 15:38 - 2014-11-24 06:10 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2015-04-29 00:36 - 2012-01-23 02:04 - 00000000 ____D () C:\Users\kim\AppData\Local\Corel
    2015-04-27 23:24 - 2009-07-14 00:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-24 21:32 - 2012-12-19 09:54 - 00000562 _____ () C:\Windows\wininit.ini
    2015-04-24 11:56 - 2009-08-28 13:42 - 00000000 ____D () C:\Program Files (x86)\Cyberlink
    2015-04-24 11:27 - 2015-01-19 08:17 - 324544126 _____ () C:\Windows\MEMORY.DMP
    2015-04-24 11:27 - 2014-11-27 16:49 - 00000000 ____D () C:\Windows\Minidump
    2015-04-23 18:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-22 04:58 - 2015-01-17 06:05 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-22 04:58 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-22 04:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-04-22 04:24 - 2012-03-24 18:54 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-04-21 23:55 - 2012-07-14 03:25 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-21 23:55 - 2012-07-14 03:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-21 23:55 - 2012-01-23 10:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    ==================== Files in the root of some directories =======
    2014-11-07 07:46 - 2014-11-07 07:46 - 0008538 _____ () C:\Users\kim\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    2014-11-07 07:46 - 2014-11-07 07:46 - 0004210 _____ () C:\Users\kim\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    2014-11-07 07:46 - 2014-11-07 07:46 - 0000274 _____ () C:\Users\kim\AppData\Roaming\INSTALL_TOR.URL
    2014-04-14 20:52 - 2014-11-24 12:10 - 0000096 _____ () C:\Users\kim\AppData\Roaming\WB.CFG
    2012-10-02 16:10 - 2013-04-26 18:16 - 0000872 _____ () C:\Users\kim\AppData\Roaming\wklnhst.dat
    2015-01-24 09:24 - 2015-01-24 09:24 - 0000480 ____H () C:\Users\kim\AppData\Roaming\&#40637;&#37778;&#39379;&#35228;
    2012-01-23 11:16 - 2013-02-24 01:03 - 0005632 _____ () C:\Users\kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-11-07 07:28 - 2014-11-07 07:28 - 0008538 _____ () C:\Users\kim\AppData\Local\DECRYPT_INSTRUCTION.HTML
    2014-11-07 07:28 - 2014-11-07 07:28 - 0004210 _____ () C:\Users\kim\AppData\Local\DECRYPT_INSTRUCTION.TXT
    2014-11-07 07:28 - 2014-11-07 07:28 - 0000274 _____ () C:\Users\kim\AppData\Local\INSTALL_TOR.URL
    2012-01-23 12:09 - 2012-01-23 12:09 - 2010116 _____ () C:\Users\kim\AppData\Local\tmpCHRISTMAS%20AND%20JAN%202011-12%20044[1].0
    2012-01-23 12:09 - 2012-01-23 12:09 - 0745248 _____ () C:\Users\kim\AppData\Local\tmpCHRISTMAS%20AND%20JAN%202011-12%20044[1].JPG
    2014-11-06 21:42 - 2014-11-06 21:42 - 0008536 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
    2014-11-06 21:42 - 2014-11-06 21:42 - 0004208 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
    2014-11-06 21:42 - 2014-11-06 21:42 - 0000272 _____ () C:\ProgramData\INSTALL_TOR.URL
    2012-01-23 02:03 - 2015-05-17 00:35 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-05-14 06:07
    ==================== End Of Log ============================
     
  9. sr300zx

    sr300zx Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
    Ran by kim at 2015-05-18 01:35:39
    Running from C:\Users\kim\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-2961242490-1984678187-2713381144-500 - Administrator - Disabled)
    Guest (S-1-5-21-2961242490-1984678187-2713381144-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2961242490-1984678187-2713381144-1002 - Limited - Enabled)
    kim (S-1-5-21-2961242490-1984678187-2713381144-1001 - Administrator - Enabled) => C:\Users\kim
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: AVG AntiVirus 2015 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus 2015 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
    AVG 2015 (Version: 15.0.4284 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0000 - Corel Corporation)
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
    Dark Strokes: The Legend of the Snow Kingdom (HKLM-x32\...\Dark Strokes: The Legend of the Snow Kingdom) (Version: 32.0.0.0 - Shockwave.com)
    Delicious - Emily's New Beginning (HKLM-x32\...\Delicious - Emily's New Beginning) (Version: 32.0.0.0 - Shockwave.com)
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
    Facebook Messenger 2.1.4651.0 (HKLM-x32\...\{17D26CDD-B87C-412B-92F0-2D5DD4313522}) (Version: 2.1.4651.0 - Facebook)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
    HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
    HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
    J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
    LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
    LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.96 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nancy Drew®: Ghost of Thornton Hall (HKLM-x32\...\Nancy Drew®: Ghost of Thornton Hall) (Version: 32.0.0.0 - Shockwave.com)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
    NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
    Paranormal Pursuit: The Gifted One (HKLM-x32\...\Paranormal Pursuit: The Gifted One) (Version: 32.0.0.0 - Shockwave.com)
    PDF Creator (HKLM\...\PDF Creator) (Version: - )
    PDF Creator Packages (HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\PDF Creator Packages) (Version: - ) <==== ATTENTION
    Playtopus (HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Playtopus) (Version: - Playtopus)
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
    PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
    RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
    The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
    The Sims™ 3 Master Suite Stuff (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
    The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Pets Create A Pet Demo (HKLM-x32\...\{F617CEFF-8242-42AF-95BE-2545DB029A0C}) (Version: 1.0.49 - Electronic Arts)
    The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
    The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    ==================== Restore Points =========================
    14-05-2015 16:14:50 AA11
    14-05-2015 16:39:55 Removed AVG 2015
    14-05-2015 16:51:16 Removed Google Earth.
    14-05-2015 17:12:09 LavasoftWeCompanion
    18-05-2015 01:31:53 Removed Strongvault Online Backup
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 21:34 - 2015-05-14 17:15 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (Whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {00C1826B-ED9B-4CA2-B1AC-882CDBD73B93} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {08191A59-E455-424E-B506-5B1D8BCBC6E8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {0A4C1CD1-E332-4727-B5FB-75869C677953} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
    Task: {125F7BE1-9569-4E67-9DA8-11532C2BC25F} - System32\Tasks\FastFix_Start => C:\Program Files (x86)\FastFixPRO\FastFix.exe
    Task: {1DEB06CA-98AE-438A-B738-9750FCBDAEE9} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {1F076351-F9B6-4FB6-8830-A397259118A2} - System32\Tasks\{3BF2ADEE-F771-4A48-A9EA-5560C9BD5AA8} => C:\Windows\twain_32\escndv\escndv.exe
    Task: {21386CB3-E7BA-4161-9BF3-C52359C113E7} - System32\Tasks\{ECE68695-E75D-4734-893E-BB8A919E3534} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {24E8E48B-F8EB-4B64-871B-66220765E139} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {274F6774-0902-437D-9E8C-9AD9518F3206} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {34926DE4-AC7B-4246-B5B3-F38A5C8454C8} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
    Task: {352E1E9D-CEF4-4FE8-A7FD-980784EE8232} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {38F04286-22B3-4D9C-89F7-44A835FB4C22} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {3AD4F317-BD64-477F-824E-2794BEF8AB93} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {3C543D29-2CC7-4AAB-BCBB-D52A7F22C359} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
    Task: {3D75EDD9-1462-4162-82C5-F84E002044DB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {44F01531-4044-45E3-9D6F-E0B4D2CCF8E1} - System32\Tasks\{F1B4CD66-3449-4737-A8B6-C95DB118C107} => C:\Program Files (x86)\Origin Games\The Sims 3 High End Loft Stuff\Game\Bin\Sims3Launcher.exe [2011-03-04] (EA.com)
    Task: {46583032-9DF6-44E6-8015-114D25A3AECC} - System32\Tasks\Quick PC Booster Idle => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {48519049-4C70-4221-B4A8-9189E0CAE0E7} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-09] (Hewlett-Packard)
    Task: {498ED48E-7ACE-4E9A-8D70-8D5CAC845BD3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-05-05] (Microsoft)
    Task: {4ACAA56D-C73F-41C9-A00A-0BF80701CA0D} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {4C6510F9-F4F4-4264-A94F-09E889AB449C} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
    Task: {55D1C7B7-6449-4B04-A0B9-94BF37F25895} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {56BC60B7-E89D-4F36-9258-CF331288FEF7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {6D580A23-AF54-48F6-8B08-3265293E29BA} - System32\Tasks\{1A036A82-E2C9-45AE-ACA0-22CFC3558405} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {6DCB076A-4051-400F-B233-1D386D15F60B} - System32\Tasks\Component System\Component => C:\Users\kim\AppData\Local\Component\com.exe [2015-04-24] ()
    Task: {847C7CA8-9223-4A00-90E6-8CFB26A5696F} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
    Task: {85C64D47-91F8-4CBA-B5A3-B93E30611BE6} - System32\Tasks\{8964779D-21DC-4118-A065-0B1EF034066E} => C:\Windows\twain_32\escndv\escndv.exe
    Task: {8BA18D50-230D-4D64-8B54-711CBADD5B31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {92DABE9F-F699-40AF-A914-465AD90DAED4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {94EBE53C-4F37-4765-BE8B-1998E2D62BA4} - System32\Tasks\{22D9C081-FEDB-4A45-A611-D5B3EE1E7B89} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {AB65994C-5D05-47AA-9069-19DC0B64192E} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
    Task: {B629CD8C-E0F1-4753-B45C-2F40914FBBAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-05-05] (Microsoft)
    Task: {BE00BE14-FE2E-4AD1-A9B2-74B30A9C606F} - System32\Tasks\{1F07CF55-E70C-4398-8462-5449058EFEBF} => C:\Program Files (x86)\Origin Games\The Sims 3 Ambitions\Game\Bin\Sims3Launcher.exe [2011-03-02] (EA.com)
    Task: {BE0CBBFC-5AFE-4C08-AB09-F87CD548F7F2} - System32\Tasks\NSManager_1430452778 => C:\Users\kim\AppData\Local\NSManager\manager.exe
    Task: {C65C0909-5300-4090-A127-F5678BA2A59A} - System32\Tasks\{BBC1BDC8-1647-4988-ACA7-35420BB30737} => pcalua.exe -a "C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\GUninstaller.exe" -c -uprtc -key "claro"
    Task: {C978A061-B19D-4ABA-BBCB-B23935C3C69B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
    Task: {D02FB06F-7167-4970-AA3E-CA3649D4A620} - System32\Tasks\RunAsStdUser Task => C:\Users\kim\AppData\Local\teeveewatchSA\bin\1.0.7.0\TeeveeWatchSA.exe
    Task: {D631B6D8-9AF1-4762-89B7-BABE3503013E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2961242490-1984678187-2713381144-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {E3A31EB5-D6A6-441B-88CC-6706D6FBF250} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: {E4630C7A-F528-43B9-BFB4-EDDB67C5DF72} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {F26BD20C-5FC1-4D94-A483-F631960DA087} - System32\Tasks\HPCeeScheduleForkim => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-05-26] (Hewlett-Packard)
    Task: {F612B722-1803-4590-8AE2-3D9E8B7E9064} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: {F6DE250C-A27A-4440-AB15-274AA92DBC0B} - System32\Tasks\{EF2C254B-A5D0-4760-8DB6-ED2B764C4C70} => C:\Program Files (x86)\Shockwave.com\Echoes of Sorrow\Echoes of Sorrow.exe
    Task: {FD26037B-0A5A-4828-9D43-1683EFF451BA} - System32\Tasks\{7A2CA649-4586-42EB-AB94-4C64A9562D29} => C:\Windows\twain_32\escndv\escndv.exe
    Task: {FF4BA70B-4862-4E28-B195-6B07F4F7C36A} - System32\Tasks\FastFix_Popup => C:\Program Files (x86)\FastFixPRO\Splash.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForkim.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
    ==================== Loaded Modules (Whitelisted) ==============
    2013-02-04 18:54 - 2011-10-04 23:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
    2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2013-09-29 18:46 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2014-04-01 09:42 - 2014-04-01 09:42 - 00428416 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-09-29 18:46 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2009-07-15 19:51 - 2009-07-15 19:51 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
    2009-07-15 19:51 - 2009-07-15 19:51 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
    2009-07-15 19:50 - 2009-07-15 19:50 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
    2012-07-14 03:25 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    2009-08-05 15:45 - 2009-08-05 15:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    ==================== Alternate Data Streams (Whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    ==================== EXE Association (Whitelisted) ===============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== Internet Explorer trusted/restricted ===============
    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    ==================== Other Areas ============================
    (Currently there is no automatic fix for this section.)
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    (Currently there is no automatic fix for this section.)
    MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
    MSCONFIG\startupreg: Corel File Shell Monitor => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    MSCONFIG\startupreg: HP Remote Solution => C:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    MSCONFIG\startupreg: ospd_us_375 =>
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    MSCONFIG\startupreg: SMessaging => C:\Users\kim\AppData\Local\Strongvault Online Backup\SMessaging.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    FirewallRules: [{4F658127-CD70-4417-9903-C6C43DE0BB81}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{C0BFDE56-F960-47FB-9397-3570E07CC8AE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{3B062AC2-0803-477D-A357-8EBC9B77D457}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{1F90B78A-BBF2-4311-8574-DC45D59555EA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{4A08F114-F335-4C6C-AC80-04D849CBE0CF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{5CA67BBF-E370-44AD-BF89-5C32A2AEFBA0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{70C2A7F6-811B-4317-9115-0DFE962D7FB4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{705DBBED-EEB4-43DB-BEBF-EE4285652C8D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
    FirewallRules: [{C4697B77-1A51-437A-BA0B-C8C8EDB7011D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
    FirewallRules: [{DC58B3DF-E9B1-4DEC-B7D9-1B76BCFFCBE8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
    FirewallRules: [{470A1FCC-A52C-4F7F-8F1D-4921C58760FF}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    FirewallRules: [{0A1760BF-8253-4DE4-A679-2211D22974C8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{2F804FCB-26B6-423D-86EB-34ACC642F648}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
    FirewallRules: [{3194C969-9477-4618-B9AB-E72D2A4DA05A}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
    FirewallRules: [{E76047F4-845C-43AC-B11D-85635EA036EA}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
    FirewallRules: [{A70682CB-2AD5-486C-9475-3325DD36B30D}] => (Allow) C:\Program Files (x86)\iWin Games\iWinGames.exe
    FirewallRules: [{EF3C90D0-7F15-430C-B16F-199C42BB79E0}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
    FirewallRules: [{4FBD902F-4FDF-4D89-9744-97E5EBF053F5}] => (Allow) C:\Program Files (x86)\iWin Games\WebUpdater.exe
    FirewallRules: [{59B14F81-F60B-41C7-8D57-E7D55270EEF7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{3EB4BBB0-1E4F-4C1A-B272-D0A2E8298027}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{026C4B4E-E107-486B-8C25-D61FD0A5F2CB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{42AEE30B-5EC1-4813-833D-FE632C5416A3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{503E5C57-44C4-4786-A467-83534CDDF0B2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{F2D8DFEE-AB39-48D2-A9CA-CA8B186C3A90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
    FirewallRules: [{C47633E5-D8B7-46C8-9BBC-B79BBA90063C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{C49F0CB4-CEFC-43E0-A1DF-A3D4A09F7472}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{8915AF2D-9A81-4CBB-B9BE-1EA1B8FF1A43}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{36FE6477-6AB0-48AB-990D-C44A9E814F29}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{396E20E6-50E1-4753-B8B1-8F60FA585E05}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{5F93780E-DFF4-430C-9AE4-53500A5359A6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
    FirewallRules: [{F7731523-ADDC-4DCC-B14C-A6AE28765599}] => (Allow) C:\Users\kim\AppData\Local\TNT2\2.0.0.1983\TNT2User.exe
    ==================== Faulty Device Manager Devices =============
    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (05/18/2015 01:33:31 AM) (Source: MsiInstaller) (EventID: 11905) (User: kim-PC)
    Description: Product: Strongvault Online Backup -- Error 1905.Module C:\Users\kim\AppData\Local\Strongvault Online Backup\vsscopy.exe failed to unregister. HRESULT -2147220472. Contact your support personnel.
    Error: (05/18/2015 01:32:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service PremierOpinion since QueryServiceConfig API failed
    System Error:
    The system cannot find the file specified.
    .
    Error: (05/18/2015 01:29:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 16.5.2015.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
    Process ID: e1c
    Start Time: 01d091250d275f70
    Termination Time: 219
    Application Path: C:\Users\kim\Desktop\FRST64.exe
    Report Id: 24204cf1-fd27-11e4-b92c-e0cb4e0ca4af
    Error: (05/17/2015 07:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: Flash64_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529e381
    Exception code: 0xc0000005
    Fault offset: 0x00000000008f316d
    Faulting process id: 0x378
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/17/2015 05:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/17/2015 05:14:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: MSHTML.dll, version: 11.0.9600.17801, time stamp: 0x55368224
    Exception code: 0xc0000005
    Fault offset: 0x000000000002ad94
    Faulting process id: 0xa98
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/16/2015 01:22:16 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: Flash64_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529e381
    Exception code: 0xc0000005
    Fault offset: 0x00000000008f316d
    Faulting process id: 0xcc0
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/16/2015 02:04:38 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.
    Error: (05/15/2015 01:29:49 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: Flash64_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529e381
    Exception code: 0xc0000005
    Fault offset: 0x00000000008f31b7
    Faulting process id: 0xe28
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3
    Error: (05/15/2015 02:41:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: iexplore.exe, version: 11.0.9600.17801, time stamp: 0x55366552
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000000000000000a
    Faulting process id: 0xf08
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    System errors:
    =============
    Error: (05/17/2015 10:45:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (05/17/2015 10:44:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
    Error: (05/17/2015 10:44:36 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:42:26 PM on 5/17/2015 was unexpected.
    Error: (05/17/2015 03:45:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (05/17/2015 03:44:38 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
    Error: (05/17/2015 03:44:35 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:41:39 PM on 5/17/2015 was unexpected.
    Error: (05/16/2015 09:53:24 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
    Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    Error: (05/15/2015 07:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
    Error: (05/15/2015 07:50:16 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error %%-536753636.
    Error: (05/15/2015 07:50:12 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 7:48:27 PM on 5/15/2015 was unexpected.

    Microsoft Office Sessions:
    =========================
    ==================== Memory info ===========================
    Processor: AMD Athlon(tm) II X2 215 Processor
    Percentage of memory in use: 51%
    Total physical RAM: 3838.49 MB
    Available physical RAM: 1854.39 MB
    Total Pagefile: 7675.19 MB
    Available Pagefile: 5807.11 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB
    ==================== Drives ================================
    Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:299.89 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  10. sr300zx

    sr300zx Thread Starter

    listcwall.txt does not contain a list of encrypted files
     
  11. emeraldnzl

    emeraldnzl Malware Specialist

    Firstly please uninstall the following program that comes bundled with Adware:

    PDF Creator Packages

    After that

    Okay, we will try again later.

    For now

    I overlooked that one of those files was Unicode and FRST was unable to deal with it.

    We need to deal with it a different way.

    Download the attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Next

    Download RogueKiller to your desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.

    • Quit all running programs
    • For Vista and above, right click -> run as administrator, for XP simply run RogueKiller.exe
    • Wait until Prescan has finished...
    • Click on Scan (top of panel right hand side)
    • Wait for the scan to finish.
    • Click the report button, right hand panel.
    • Do not click on any other buttons
    Please copy and paste all the contents of the RKreport in your next reply.

    So when you return please post
    • Fixlog.txt
    • RKreport
     

    Attached Files:

    Last edited: May 18, 2015
  12. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    frst64 keeps not responding. But when I open it back up, it says that a log was created. So here it is...


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
    Ran by kim at 2015-05-18 03:46:03 Run:2
    Running from C:\Users\kim\Desktop
    Loaded Profiles: kim (Available profiles: kim)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...\Run: [{79406ACD-66EC-6BE8-4DC4-D4373DD7A514}] => C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4...=1233414094&ir=
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://www.safesear.ch/web/?type=201...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> DefaultScope {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?guid...k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {607855CD-12A2-4249-BD04-F246C0594D98} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {778370FA-7463-4DAF-A8B7-DAD43A9A3920} URL = http://search.yahoo.com/search?p={se...0,19853,0,18,0
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {8E444261-4465-4F61-8080-760B12A51476} URL = http://search.findwide.com/serp?guid...k={searchTerms}
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {9A85498F-6AA4-4FC0-9587-68A163876745} URL = http://search.yahoo.com/search?p={se...etb&type=11425
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
    SearchScopes: HKU\S-1-5-21-2961242490-1984678187-2713381144-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: SelectionLinksBHO Class -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} -> C:\Program Files (x86)\OApps\SelectionLinks.dll No File
    BHO-x32: No Name -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
    DPF: HKLM-x32 {2D168880-539F-4967-BA11-F7C2862B9E1D} http://www.shockwave.com/content/dia...eb.1.0.0.4.cab
    FF Plugin HKU\S-1-5-21-2961242490-1984678187-2713381144-1001: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
    C:\Program Files (x86)\Free Ride Games
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    C:\ProgramData\Norton
    S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
    C:\Program Files (x86)\PremierOpinion
    C:\Program Files (x86)\Free Ride GamesGlobalTime.xml
    C:\Users\kim\AppData\Roaming\????
    C:\Users\kim\AppData\Local\nsiABF0.tmp
    C:\ProgramData\94830156DE.sys
    C:\ProgramData\@system.temp
    C:\ProgramData\@system3.att
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    AlternateDataStreams: C:\ProgramData\Temp:0CD2D17A
    AlternateDataStreams: C:\ProgramData\Temp:0E544CF5
    AlternateDataStreams: C:\ProgramData\Temp:1EB80F40
    AlternateDataStreams: C:\ProgramData\Temp:45A15C24
    AlternateDataStreams: C:\ProgramData\Temp:52454683
    AlternateDataStreams: C:\ProgramData\Temp:5C321E34
    AlternateDataStreams: C:\ProgramData\Temp:79FD1F58
    AlternateDataStreams: C:\ProgramData\Temp:969736FD
    AlternateDataStreams: C:\ProgramData\Temp:A6FD3255
    AlternateDataStreams: C:\ProgramData\Temp:AD5E6155
    AlternateDataStreams: C:\ProgramData\Temp:E3892B6D
    AlternateDataStreams: C:\ProgramData\Temp:E44513D0
    AlternateDataStreams: C:\ProgramData\Temp:E46A89F4
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news964078814
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages523453257
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-954496249
    AlternateDataStreams: C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends2073392651
    CMD: ipconfig /flushdns
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    Task: {08644996-E83A-4F2C-9604-9FF3425CE188} - \APSnotifierPP2 No Task File <==== ATTENTION
    Task: {15788A5F-0B50-42D1-8601-427E1950AC02} - System32\Tasks\4502 => Wscript.exe C:\Users\kim\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\launchie.vbs
    Task: {190F1876-DB2E-4D61-BB47-1C2293D8BA53} - \APSnotifierPP3 No Task File <==== ATTENTION
    Task: {198D7C55-A8DF-408F-9192-A27F6A8E4C0A} - \APSnotifierPP1 No Task File <==== ATTENTION
    Task: {36055958-6EE7-413C-96DA-FA394EA06BA4} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
    Task: {3DD60D36-B595-495F-B9DC-9621215E1746} - \Security Center Update - 274607997 No Task File <==== ATTENTION
    Task: {65105484-7252-4158-AC22-FD218335B11D} - System32\Tasks\vqppetc => C:\Users\kim\AppData\Local\Temp\frjiyte.exe <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\frjiyte.exe
    Task: {6F70C4D6-1ECC-4731-86D1-106831941809} - \Security Center Update - 1218260494 No Task File <==== ATTENTION
    Task: {72A22B08-F0CE-42FB-A4FB-A9187512231E} - \Security Center Update - 2904689137 No Task File <==== ATTENTION
    Task: {762459EF-2E4E-4D67-AA0C-22010C13D5D0} - \Security Center Update - 3835183481 No Task File <==== ATTENTION
    Task: {9C295586-EF20-4CCC-9F12-6D702481F892} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{1C62ECD6-1181-4821-8EB5-602E028955AB}.exe [2014-08-26] ()
    C:\ProgramData\Avg_Update_0814tb
    Task: {B143F255-C415-4D80-9349-D355250BFE39} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {C5472346-DDB8-4085-8F15-A846928D35A4} - System32\Tasks\Test TimeTrigger => C:\Users\kim\AppData\Local\Temp\Runner.exe <==== ATTENTION
    C:\Users\kim\AppData\Local\Temp\Runner.exe
    Task: {D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5} - \Playtopus Updater No Task File <==== ATTENTION
    Task: {E16FA49F-8AA0-4399-9A3C-573CB1667230} - \Security Center Update - 1709683685 No Task File <==== ATTENTION
    Task: {EC27A6BD-325F-4D33-B5D6-647E6457124A} - \TidyNetwork Update No Task File <==== ATTENTION
    Task: {F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE} - \Security Center Update - 3354956722 No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar
    Task: C:\Windows\Tasks\Quick PC Booster Idle.job => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    C:\Program Files\Quick PC Booster
    FirewallRules: [{BE1A5335-B742-44D8-9EF3-F0D3B0B70CF9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{91C7C665-AE3E-4489-AE1F-A4ADDB89BFE9}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{1C02D719-4E95-4ED7-AEBB-233D6739D483}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    FirewallRules: [{6CFA9E6F-D636-4A05-A3D1-DFF6AD12EFFA}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
    EmptyTemp:
    *****************
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run\\{79406ACD-66EC-6BE8-4DC4-D4373DD7A514} => Value not found.
    "C:\Users\kim\AppData\Roaming\Irfi\ozfyy.exe" => File/Directory not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
    "C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
    HKLM\SOFTWARE\Policies\Google => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Policies\Google => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    HKCR\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => Key not found.
    HKCR\CLSID\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    HKCR\Wow6432Node\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => Key not found.
    HKCR\Wow6432Node\CLSID\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    HKCR\CLSID\{607855CD-12A2-4249-BD04-F246C0594D98} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{778370FA-7463-4DAF-A8B7-DAD43A9A3920} => Key not found.
    HKCR\CLSID\{778370FA-7463-4DAF-A8B7-DAD43A9A3920} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E444261-4465-4F61-8080-760B12A51476} => Key not found.
    HKCR\CLSID\{8E444261-4465-4F61-8080-760B12A51476} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A85498F-6AA4-4FC0-9587-68A163876745} => Key not found.
    HKCR\CLSID\{9A85498F-6AA4-4FC0-9587-68A163876745} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => Key not found.
    HKCR\CLSID\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    HKCR\CLSID\{CC865B26-C31D-4D23-B17B-96548EEF03F6} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} => Key not found.
    HKCR\Wow6432Node\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CB99040-7828-4C37-AC01-F15758F43E4D} => Key not found.
    HKCR\Wow6432Node\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
    HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{2D168880-539F-4967-BA11-F7C2862B9E1D} => Key not found.
    HKCR\Wow6432Node\CLSID\{2D168880-539F-4967-BA11-F7C2862B9E1D} => Key not found.
    HKU\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\MozillaPlugins\www.exent.com/GameTreatWidget => Key not found.
    C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll not found.
    "C:\Program Files (x86)\Free Ride Games" => File/Directory not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} => Value not found.
    "C:\ProgramData\Norton" => File/Directory not found.
    PremierOpinion => Service not found.
    "C:\Program Files (x86)\PremierOpinion" => File/Directory not found.
    "C:\Program Files (x86)\Free Ride GamesGlobalTime.xml" => File/Directory not found.
    "C:\Users\kim\AppData\Roaming\????" directory move:
    Could not move "C:\Users\kim\AppData\Roaming\????" directory. => Scheduled to move on reboot.
    "C:\Users\kim\AppData\Local\nsiABF0.tmp" => File/Directory not found.
    "C:\ProgramData\94830156DE.sys" => File/Directory not found.
    "C:\ProgramData\@system.temp" => File/Directory not found.
    "C:\ProgramData\@system3.att" => File/Directory not found.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
    "C:\ProgramData\Temp" => ":0CD2D17A" ADS not found.
    "C:\ProgramData\Temp" => ":0E544CF5" ADS not found.
    "C:\ProgramData\Temp" => ":1EB80F40" ADS not found.
    "C:\ProgramData\Temp" => ":45A15C24" ADS not found.
    "C:\ProgramData\Temp" => ":52454683" ADS not found.
    "C:\ProgramData\Temp" => ":5C321E34" ADS not found.
    "C:\ProgramData\Temp" => ":79FD1F58" ADS not found.
    "C:\ProgramData\Temp" => ":969736FD" ADS not found.
    "C:\ProgramData\Temp" => ":A6FD3255" ADS not found.
    "C:\ProgramData\Temp" => ":AD5E6155" ADS not found.
    "C:\ProgramData\Temp" => ":E3892B6D" ADS not found.
    "C:\ProgramData\Temp" => ":E44513D0" ADS not found.
    "C:\ProgramData\Temp" => ":E46A89F4" ADS not found.
    "C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website" => ":TASKICON_0news964078814" ADS not found.
    "C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website" => ":TASKICON_1messages523453257" ADS not found.
    "C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website" => ":TASKICON_2events-954496249" ADS not found.
    "C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website" => ":TASKICON_3friends2073392651" ADS not found.
    ========= ipconfig /flushdns =========

    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    ========= End of CMD: =========
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => Value not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08644996-E83A-4F2C-9604-9FF3425CE188} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15788A5F-0B50-42D1-8601-427E1950AC02} => Key not found.
    C:\Windows\System32\Tasks\4502 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4502 => Key not found.
    "C:\Users\kim\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{190F1876-DB2E-4D61-BB47-1C2293D8BA53} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198D7C55-A8DF-408F-9192-A27F6A8E4C0A} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36055958-6EE7-413C-96DA-FA394EA06BA4} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DD60D36-B595-495F-B9DC-9621215E1746} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 274607997 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65105484-7252-4158-AC22-FD218335B11D} => Key not found.
    C:\Windows\System32\Tasks\vqppetc not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vqppetc => Key not found.
    "C:\Users\kim\AppData\Local\Temp\frjiyte.exe" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F70C4D6-1ECC-4731-86D1-106831941809} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1218260494 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A22B08-F0CE-42FB-A4FB-A9187512231E} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2904689137 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762459EF-2E4E-4D67-AA0C-22010C13D5D0} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3835183481 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C295586-EF20-4CCC-9F12-6D702481F892} => Key not found.
    C:\Windows\System32\Tasks\0814tbUpdateInfo not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814tbUpdateInfo => Key not found.
    "C:\ProgramData\Avg_Update_0814tb" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B143F255-C415-4D80-9349-D355250BFE39} => Key not found.
    C:\Windows\System32\Tasks\0 not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5472346-DDB8-4085-8F15-A846928D35A4} => Key not found.
    C:\Windows\System32\Tasks\Test TimeTrigger not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => Key not found.
    "C:\Users\kim\AppData\Local\Temp\Runner.exe" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D20922DC-7E0A-4CAF-B9DD-7C80A4D7F1E5} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Playtopus Updater => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E16FA49F-8AA0-4399-9A3C-573CB1667230} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1709683685 => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC27A6BD-325F-4D33-B5D6-647E6457124A} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A2E63C-93B3-44FF-B4FB-919CE6BB33EE} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3354956722 => Key not found.
    C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job not found.
    C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job not found.
    "C:\Program Files (x86)\AVG SafeGuard toolbar" => File/Directory not found.
    C:\Windows\Tasks\Quick PC Booster Idle.job not found.
    C:\Windows\Tasks\Quick PC Booster64 startups.job not found.
    "C:\Program Files\Quick PC Booster" => File/Directory not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE1A5335-B742-44D8-9EF3-F0D3B0B70CF9} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91C7C665-AE3E-4489-AE1F-A4ADDB89BFE9} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C02D719-4E95-4ED7-AEBB-233D6739D483} => Value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6CFA9E6F-D636-4A05-A3D1-DFF6AD12EFFA} => Value not found.
    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-18 03:57:04)<=
    ==> ATTENTION: System is not rebooted.
    "C:\Users\kim\AppData\Roaming\????" => Could not move.
    ==== End of Fixlog 03:57:04 ====
     
  13. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : kim [Administrator]
    Started from : C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5B1VM1K3\RogueKiller.exe
    Mode : Scan -- Date : 05/18/2015 04:04:28
    ¤¤¤ Processes : 0 ¤¤¤
    ¤¤¤ Registry : 19 ¤¤¤
    [Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
    [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Found
    [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} -> Found
    [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} -> Found
    [Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Found
    [Orphan] (X64) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} : -> Found
    [Orphan] (X86) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} : -> Found
    [Orphan] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} -> Found
    [PUP] (X64) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run | BRS : C:\Program Files (x86)\Groovorio\BRS\brs.exe -runBRS [x][x][x][x] -> Found
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run | GoogleUpdate : C:\Users\kim\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [x] -> Found
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run | USB Adapter Updater : "C:\ProgramData\USB Adapter Updater\bjrwzmzis.exe" [x] -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run | BRS : C:\Program Files (x86)\Groovorio\BRS\brs.exe -runBRS [x][x][x][x] -> Found
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run | GoogleUpdate : C:\Users\kim\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe [x] -> Found
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2961242490-1984678187-2713381144-1001\Software\Microsoft\Windows\CurrentVersion\Run | USB Adapter Updater : "C:\ProgramData\USB Adapter Updater\bjrwzmzis.exe" [x] -> Found
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PremierOpinion (C:\Program Files (x86)\PremierOpinion\pmservice.exe /service) -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    ¤¤¤ Tasks : 3 ¤¤¤
    [Suspicious.Path] \\NSManager_1430452778 -- "C:\Users\kim\AppData\Local\NSManager\manager.exe" -> Found
    [Suspicious.Path] \\RunAsStdUser Task -- "C:\Users\kim\AppData\Local\teeveewatchSA\bin\1.0.7.0\TeeveeWatchSA.exe" -> Found
    [Suspicious.Path|VT.Trojan.Win32.Generic!BT] \Component System\Component -- "C:\Users\kim\AppData\Local\Component\com.exe" -> Found
    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] IMVU.lnk -- C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [[email protected]] C:\Users\kim\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup" -> Found
    ¤¤¤ Hosts File : 0 ¤¤¤
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
    --- User ---
    [MBR] 95c5eb03e79127a743656b9a4fca268a
    [BSP] b5f924c6a6e962d4d1dede7870d9e459 : Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 464611 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 951730176 | Size: 12227 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )
    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  14. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    That is the log from the previous fix.

    Did you follow the instruction to download the fixlist.txt file attached to the bottom of my last post?
     
  15. sr300zx

    sr300zx Thread Starter

    Joined:
    May 28, 2011
    Messages:
    90
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
    Ran by kim at 2015-05-18 16:00:38 Run:3
    Running from C:\Users\kim\Desktop
    Loaded Profiles: kim (Available profiles: kim)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    C:\Users\kim\AppData\Roaming\麽鎒駓覜
    C:\Users\kim\AppData\Local\Strongvault Online Backup
    hosts:
    reboot:
    *****************
    C:\Users\kim\AppData\Roaming\麽鎒駓覜 => Moved successfully.
    "C:\Users\kim\AppData\Local\Strongvault Online Backup" => File/Directory not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    The system needed a reboot.
    ==== End of Fixlog 16:00:38 ====
     
Short URL to this thread: https://techguy.org/1148254
