
Roll Around Adware from Freeware.



I swear, Avast is the only thing that's keeping my computer alive right now. I was an idiot and decided to download a file converter, and now Google Chrome is infected with those stupid Roll Around Ads. Malwarebytes took out a bunch of programs after the first scan, but I'm still getting the popups and ads on Google Chrome (no ads on Internet Explorer, weirdly). I uninstalled the freeware and the "Google Toolbar for Internet Explorer" which apparently installed with the program. Then Google Chrome changed to German and I'm getting =trackid after all my Google Chrome searches. Even on Internet Explorer, Avast is blocking between 3 - 10 attempts to track me per page refresh. I've tried running browser cleanup, full scan, and boot-time scan on Avast, and I've run Malwarebytes multiple times to no avail. I've noticed that an extension of Google Chrome called "Google Now!" keeps appearing, but according to Google I only have the official Google extensions, Avast, and NationStates++ installed (the last is trustworthy; I've had it for a long time). I'll post the logs for that FRST program you had me download in the pinned thread.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Owner (administrator) on OWNER-PC on 07-03-2015 21:56:07
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35T3ADO5
Loaded Profiles: Owner & DefaultAppPool &  (Available profiles: Owner & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Pokki) C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Pokki) C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppService.exe
(ATMEL) C:\Program Files (x86)\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Pokki) C:\Users\Owner\AppData\Local\Pokki\Engine\HostAppService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Pokki) C:\Users\Owner\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
(Actual Tools) C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\browsercleanup.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-02-16] (Spotify Ltd)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-16] (Spotify Ltd)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1808688 2014-11-01] (Actual Tools)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\RunOnce: [Application Restart #2] => C:\Users\Owner\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side- (the data entry has 540 more characters).
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\GPhotos.scr [4558848 2014-01-06] (Google Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify] => C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-02-16] (Spotify Ltd)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-16] (Spotify Ltd)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Actual Multiple Monitors] => C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe [1808688 2014-11-01] (Actual Tools)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #2] => C:\Users\Owner\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side- (the data entry has 540 more characters).
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\GPhotos.scr [4558848 2014-01-06] (Google Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MA101 Configuration Utility .lnk
ShortcutTarget: MA101 Configuration Utility .lnk -> C:\Program Files (x86)\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe (ATMEL)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shorecrest.org/
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://shorecrest.haikulearning.com/do/account/login?src=%2Fu%2Fmartinwi%2Fportal
https://1137netclass.blackbaudondemand.com/NetClassroom7/Forms/login.aspx?ReturnUrl=%2fNetClassroom7%2fForms%2fNCShell.aspx
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shorecrest.org/
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://shorecrest.haikulearning.com/do/account/login?src=%2Fu%2Fmartinwi%2Fportal
https://1137netclass.blackbaudondemand.com/NetClassroom7/Forms/login.aspx?ReturnUrl=%2fNetClassroom7%2fForms%2fNCShell.aspx
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000 -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=bscsk50r1&keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek.com/?prt=bscsk50r1&keywords={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-22] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-27] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-22] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-27] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-12-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-20]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-08]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (NationStates++) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgdpgjockahmkhjgcfidmlahiicmagj [2015-02-22]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
CHR HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-08]
CHR HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Owner\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-08]
CHR HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-22] (AVAST Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10571056 2014-07-09] (DisplayLink Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-23] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-22] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.6.56275.0.sys [46384 2014-07-10] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-02] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-03-03] (Sierra Wireless Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 21:55 - 2015-03-07 21:56 - 00000000 ____D () C:\FRST
2015-03-07 02:45 - 2015-03-07 02:46 - 35061717 _____ () C:\Users\Owner\Desktop\Final NHD Project 1.4.wmv
2015-03-07 02:36 - 2015-03-07 02:36 - 02911113 _____ () C:\Users\Owner\Downloads\IMG_1870 (2).MOV
2015-03-07 02:36 - 2015-03-07 02:36 - 02911113 _____ () C:\Users\Owner\Desktop\IMG_1870 (2).MOV
2015-03-07 02:34 - 2015-03-07 02:34 - 02911113 _____ () C:\Users\Owner\Downloads\IMG_1870 (1).MOV
2015-03-07 02:34 - 2015-03-07 02:34 - 02911113 _____ () C:\Users\Owner\Desktop\IMG_1870 (1).MOV
2015-03-07 02:33 - 2015-03-07 02:33 - 02911113 _____ () C:\Users\Owner\Downloads\IMG_1870.MOV
2015-03-07 02:33 - 2015-03-07 02:33 - 02911113 _____ () C:\Users\Owner\Desktop\IMG_1870.MOV
2015-03-07 02:23 - 2015-03-07 02:49 - 00039104 _____ () C:\Users\Owner\Desktop\Final NHD Project 1.3.wlmp
2015-03-07 02:21 - 2015-03-07 02:23 - 48325567 _____ () C:\Users\Owner\Desktop\Final NHD Project 1.2.wmv
2015-03-07 02:06 - 2015-03-07 02:09 - 57259126 _____ () C:\Users\Owner\Desktop\Final NHD Project 1.1.mp4
2015-03-07 02:01 - 2015-03-07 02:23 - 00038209 _____ () C:\Users\Owner\Desktop\Final NHD Project 1.wlmp
2015-03-07 01:49 - 2015-03-07 01:49 - 11840522 _____ () C:\Users\Owner\Downloads\MOV_1341.MOV.mov
2015-03-07 01:49 - 2015-03-07 01:49 - 01207166 _____ () C:\Users\Owner\Desktop\Conclusion Clip.m4a
2015-03-07 01:48 - 2015-03-07 02:00 - 00038167 _____ () C:\Users\Owner\Desktop\NHD Project Almost Done.wlmp
2015-03-07 01:33 - 2015-03-07 01:33 - 00008534 _____ () C:\Users\Owner\Desktop\separation-of-church-and-state.jpeg
2015-03-07 01:20 - 2015-03-07 01:20 - 00021989 _____ () C:\Users\Owner\Downloads\IMG_1980.MOV
2015-03-07 01:20 - 2015-03-07 01:20 - 00021989 _____ () C:\Users\Owner\Desktop\IMG_1980.MOV
2015-03-07 00:12 - 2015-03-07 00:12 - 12636198 _____ () C:\Users\Owner\Desktop\USETHIS.m4a
2015-03-06 23:53 - 2015-03-06 23:55 - 101661243 _____ () C:\Users\Owner\Desktop\NHD Ataturk4.wmv
2015-03-06 23:52 - 2015-03-06 23:52 - 00023799 _____ () C:\Users\Owner\Documents\NHD Ataturk3.wlmp
2015-03-06 23:38 - 2015-03-06 23:38 - 00000000 ____D () C:\Users\Owner\Documents\Any Video Converter
2015-03-06 23:37 - 2015-03-06 23:37 - 34592048 _____ (Any-Video-Converter.com ) C:\Users\Owner\Desktop\avc-free.exe
2015-03-06 23:36 - 2015-03-06 23:36 - 12450941 _____ () C:\Users\Owner\Desktop\NHD Ataturk 2.wma
2015-03-06 23:34 - 2015-03-06 23:34 - 12637875 _____ () C:\Users\Owner\Downloads\NHD Ataturk Audio.m4a
2015-03-05 21:48 - 2015-03-06 23:34 - 12637875 _____ () C:\Users\Owner\Desktop\NHD Ataturk Audio.m4a
2015-03-05 21:48 - 2015-03-05 21:48 - 00028476 _____ () C:\Users\Owner\Documents\NHD Ataturk.wlmp
2015-03-05 21:33 - 2015-03-05 21:33 - 02343307 _____ () C:\Users\Owner\Downloads\IMG_1968.MOV
2015-03-05 21:31 - 2015-03-05 21:31 - 01014962 _____ () C:\Users\Owner\Downloads\IMG_1966.MOV
2015-03-05 21:28 - 2015-03-05 21:28 - 01881146 _____ () C:\Users\Owner\Downloads\IMG_1965.MOV
2015-03-05 21:28 - 2015-03-05 21:28 - 01881146 _____ () C:\Users\Owner\Downloads\IMG_1965 (1).MOV
2015-03-05 21:23 - 2015-03-05 21:23 - 07652430 _____ () C:\Users\Owner\Downloads\MOV_3043.MOV (3).mov
2015-03-05 21:23 - 2015-03-05 21:23 - 07652430 _____ () C:\Users\Owner\Downloads\MOV_3043.MOV (2).mov
2015-03-05 21:21 - 2015-03-05 21:21 - 02032853 _____ () C:\Users\Owner\Downloads\Video (39).MOV
2015-03-05 21:21 - 2015-03-05 21:21 - 02032853 _____ () C:\Users\Owner\Downloads\Video (38).MOV
2015-03-05 21:20 - 2015-03-05 21:20 - 01521809 _____ () C:\Users\Owner\Downloads\Video (37).MOV
2015-03-05 21:20 - 2015-03-05 21:20 - 01352588 _____ () C:\Users\Owner\Downloads\IMG_1957.MOV
2015-03-05 21:19 - 2015-03-05 21:19 - 02333122 _____ () C:\Users\Owner\Downloads\IMG_1954.MOV
2015-03-05 21:19 - 2015-03-05 21:19 - 01521809 _____ () C:\Users\Owner\Downloads\Video (36).MOV
2015-03-05 21:19 - 2015-03-05 21:19 - 00368583 _____ () C:\Users\Owner\Downloads\IMG_1943.MOV
2015-03-05 21:19 - 2015-03-05 21:19 - 00368583 _____ () C:\Users\Owner\Downloads\IMG_1943 (1).MOV
2015-03-05 21:18 - 2015-03-05 21:18 - 07652430 _____ () C:\Users\Owner\Downloads\MOV_3043.MOV (1).mov
2015-03-05 21:18 - 2015-03-05 21:18 - 01962154 _____ () C:\Users\Owner\Downloads\IMG_1928 (3).MOV
2015-03-05 21:17 - 2015-03-05 21:17 - 01962154 _____ () C:\Users\Owner\Downloads\IMG_1928.MOV
2015-03-05 21:17 - 2015-03-05 21:17 - 01962154 _____ () C:\Users\Owner\Downloads\IMG_1928 (2).MOV
2015-03-05 21:17 - 2015-03-05 21:17 - 01962154 _____ () C:\Users\Owner\Downloads\IMG_1928 (1).MOV
2015-03-05 21:17 - 2015-03-05 21:17 - 00294939 _____ () C:\Users\Owner\Downloads\Video (35).MOV
2015-03-05 21:17 - 2015-03-05 21:17 - 00294939 _____ () C:\Users\Owner\Downloads\Video (34).MOV
2015-03-05 20:45 - 2015-03-05 20:45 - 07652430 _____ () C:\Users\Owner\Downloads\MOV_3043.MOV.mov
2015-03-05 20:44 - 2015-03-05 20:44 - 09597993 _____ () C:\Users\Owner\Downloads\MOV_4425.MOV (2).mov
2015-03-05 20:41 - 2015-03-05 20:41 - 09597993 _____ () C:\Users\Owner\Downloads\MOV_4425.MOV (1).mov
2015-03-05 20:40 - 2015-03-05 20:40 - 09597993 _____ () C:\Users\Owner\Downloads\MOV_4425.MOV.mov
2015-03-05 19:36 - 2015-03-05 19:36 - 00303937 _____ () C:\Users\Owner\Downloads\IMG_1922.MOV
2015-03-05 19:34 - 2015-03-05 19:34 - 02106044 _____ () C:\Users\Owner\Downloads\IMG_1919.MOV
2015-03-05 19:34 - 2015-03-05 19:34 - 01030115 _____ () C:\Users\Owner\Downloads\IMG_1920.MOV
2015-03-05 19:31 - 2015-03-05 19:31 - 00880312 _____ () C:\Users\Owner\Downloads\IMG_1916.MOV
2015-03-05 19:31 - 2015-03-05 19:31 - 00559217 _____ () C:\Users\Owner\Downloads\IMG_1917.MOV
2015-03-05 19:29 - 2015-03-05 19:29 - 02037454 _____ () C:\Users\Owner\Downloads\IMG_1914.MOV
2015-03-05 19:21 - 2015-03-05 19:21 - 00430941 _____ () C:\Users\Owner\Downloads\IMG_1909.MOV
2015-03-05 19:16 - 2015-03-05 19:16 - 00063349 _____ () C:\Users\Owner\Documents\TestingAudio.wma
2015-03-05 19:05 - 2015-03-05 19:05 - 00814636 _____ () C:\Users\Owner\Downloads\IMG_1906.MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 02564625 _____ () C:\Users\Owner\Downloads\Video (30).MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 02205560 _____ () C:\Users\Owner\Downloads\Video (28).MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 02084880 _____ () C:\Users\Owner\Downloads\IMG_1899 (1).MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 01931087 _____ () C:\Users\Owner\Downloads\Video (31).MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 01887084 _____ () C:\Users\Owner\Downloads\Video (33).MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 01526948 _____ () C:\Users\Owner\Downloads\Video (32).MOV
2015-03-05 18:56 - 2015-03-05 18:56 - 00686142 _____ () C:\Users\Owner\Downloads\Video (29).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 03412184 _____ () C:\Users\Owner\Downloads\Video (23).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 01453526 _____ () C:\Users\Owner\Downloads\Video (25).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 01176781 _____ () C:\Users\Owner\Downloads\Video (19).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00840549 _____ () C:\Users\Owner\Downloads\Video (24).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00820571 _____ () C:\Users\Owner\Downloads\Video (22).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00740249 _____ () C:\Users\Owner\Downloads\Video (27).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00740249 _____ () C:\Users\Owner\Downloads\Video (26).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00629400 _____ () C:\Users\Owner\Downloads\IMG_1887.MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00478966 _____ () C:\Users\Owner\Downloads\Video (18).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00473189 _____ () C:\Users\Owner\Downloads\Video (21).MOV
2015-03-05 18:55 - 2015-03-05 18:55 - 00319085 _____ () C:\Users\Owner\Downloads\Video (20).MOV
2015-03-05 18:54 - 2015-03-05 18:54 - 03902282 _____ () C:\Users\Owner\Downloads\Video (15).MOV
2015-03-05 18:54 - 2015-03-05 18:54 - 01608049 _____ () C:\Users\Owner\Downloads\Video (14).MOV
2015-03-05 18:54 - 2015-03-05 18:54 - 00576299 _____ () C:\Users\Owner\Downloads\Video (16).MOV
2015-03-05 18:54 - 2015-03-05 18:54 - 00501408 _____ () C:\Users\Owner\Downloads\Video (17).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 01851817 _____ () C:\Users\Owner\Downloads\Video (9).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 01851817 _____ () C:\Users\Owner\Downloads\IMG_1875 (2).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 01608049 _____ () C:\Users\Owner\Downloads\Video (13).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 01051793 _____ () C:\Users\Owner\Downloads\Video (12).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 00772418 _____ () C:\Users\Owner\Downloads\Video (11).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 00647659 _____ () C:\Users\Owner\Downloads\Video (10).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 00557135 _____ () C:\Users\Owner\Downloads\IMG_1878 (1).MOV
2015-03-05 18:53 - 2015-03-05 18:53 - 00449114 _____ () C:\Users\Owner\Downloads\IMG_1874 (1).MOV
2015-03-05 18:52 - 2015-03-05 18:52 - 02084880 _____ () C:\Users\Owner\Downloads\IMG_1899.MOV
2015-03-05 18:51 - 2015-03-05 18:51 - 03902282 _____ () C:\Users\Owner\Downloads\Video (5).MOV
2015-03-05 18:51 - 2015-03-05 18:51 - 01668505 _____ () C:\Users\Owner\Downloads\Video (7).MOV
2015-03-05 18:51 - 2015-03-05 18:51 - 01608049 _____ () C:\Users\Owner\Downloads\Video (4).MOV
2015-03-05 18:51 - 2015-03-05 18:51 - 01051793 _____ () C:\Users\Owner\Downloads\Video (3).MOV
2015-03-05 18:51 - 2015-03-05 18:51 - 00576299 _____ () C:\Users\Owner\Downloads\Video (6).MOV
2015-03-05 18:51 - 2015-03-05 18:51 - 00501408 _____ () C:\Users\Owner\Downloads\Video (8).MOV
2015-03-05 18:50 - 2015-03-05 18:50 - 01851817 _____ () C:\Users\Owner\Downloads\IMG_1875 (1).MOV
2015-03-05 18:50 - 2015-03-05 18:50 - 00557135 _____ () C:\Users\Owner\Downloads\IMG_1878.MOV
2015-03-05 18:50 - 2015-03-05 18:50 - 00449114 _____ () C:\Users\Owner\Downloads\IMG_1874.MOV
2015-03-05 18:49 - 2015-03-05 18:49 - 01851817 _____ () C:\Users\Owner\Downloads\Video.MOV
2015-03-05 18:49 - 2015-03-05 18:49 - 01851817 _____ () C:\Users\Owner\Downloads\IMG_1875.MOV
2015-03-05 18:49 - 2015-03-05 18:49 - 00772418 _____ () C:\Users\Owner\Downloads\Video (2).MOV
2015-03-05 18:49 - 2015-03-05 18:49 - 00647659 _____ () C:\Users\Owner\Downloads\Video (1).MOV
2015-03-04 22:32 - 2015-03-04 22:32 - 00000435 _____ () C:\Users\Owner\Desktop\Dragon Dens.lnk
2015-03-04 22:31 - 2015-03-04 22:31 - 00000576 _____ () C:\Users\Owner\Desktop\Dragon Dens .lnk
2015-03-03 16:22 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:22 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:22 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:22 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-01 20:11 - 2015-03-01 20:11 - 00167936 _____ () C:\Users\Owner\Downloads\09_Clicker_Questions.ppt
2015-02-28 19:39 - 2015-02-28 19:39 - 04630296 _____ () C:\Users\Owner\Downloads\TechnicLauncher.exe
2015-02-27 23:15 - 2015-02-27 23:15 - 00000441 _____ () C:\Users\Owner\Desktop\Funny.lnk
2015-02-25 23:36 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 23:36 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 20:33 - 2015-02-25 20:37 - 00000711 _____ () C:\Users\Owner\Desktop\All City Spots and Trade Routes + Editing.lnk
2015-02-23 22:10 - 2015-02-23 22:10 - 00000221 _____ () C:\Users\Owner\Desktop\Victoria II.url
2015-02-23 21:53 - 2015-02-23 21:53 - 00000000 ____D () C:\Users\Owner\Desktop\EU4toV2
2015-02-23 21:53 - 2015-02-23 21:53 - 00000000 ____D () C:\Users\Owner\Desktop\Docs
2015-02-23 21:53 - 2015-02-23 21:53 - 00000000 ____D () C:\Users\Owner\Desktop\Configuration
2015-02-22 20:29 - 2015-02-22 20:38 - 00000000 ____D () C:\Users\Owner\Documents\TicTacToe
2015-02-19 16:14 - 2015-02-19 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Steam
2015-02-16 20:58 - 2015-02-16 20:58 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT
2015-02-16 20:47 - 2015-02-16 20:56 - 228940280 _____ (AGOT TEAM ) C:\Users\Owner\Downloads\CK2-AGOT_setup_0.9.2.exe
2015-02-12 20:47 - 2015-02-12 20:47 - 00002758 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2015-02-12 20:46 - 2015-02-12 20:46 - 00220969 _____ () C:\Users\Owner\Desktop\PetraDrawing.svg
2015-02-12 20:46 - 2015-02-12 20:46 - 00220057 _____ () C:\Users\Owner\Desktop\PetraDrawing2.svg
2015-02-11 19:01 - 2015-02-11 19:01 - 00000056 _____ () C:\Users\Owner\Desktop\http---i.imgur.com-5JdFXx6.png.url
2015-02-11 17:32 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 17:32 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:32 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 17:32 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 18:53 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 18:53 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 18:53 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 18:53 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 18:53 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 18:53 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 18:53 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 18:53 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 18:53 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 18:53 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 18:53 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 18:53 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 18:52 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 18:52 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 18:52 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 18:52 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 18:52 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 18:52 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 18:52 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 18:52 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 18:52 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 18:52 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 18:52 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 18:52 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 18:52 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 18:52 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 18:52 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 18:52 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 18:52 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 18:52 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 18:52 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 18:52 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 18:52 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 18:52 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 18:52 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 18:52 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 18:52 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 18:52 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 18:52 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 18:52 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 18:52 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:52 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 18:52 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 18:52 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 18:52 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 18:52 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 18:52 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 18:52 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 18:52 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 18:52 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 18:52 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 18:52 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 18:52 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 18:52 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 18:52 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 18:52 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 18:52 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 18:52 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 18:52 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 18:52 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 18:52 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 18:52 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 18:52 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 18:52 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 18:52 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 18:52 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 18:52 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 18:52 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 18:52 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 18:52 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 18:52 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 18:52 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 18:52 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 18:52 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 18:52 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 18:52 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 18:52 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 18:52 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 18:52 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 18:52 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 18:52 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 18:52 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 18:52 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 18:52 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 18:52 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 18:52 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 18:52 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 18:52 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 18:52 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 18:52 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:52 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 18:52 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 18:52 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 18:52 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:52 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 18:52 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 18:52 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 18:52 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 18:52 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 18:52 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-09 19:16 - 2015-02-09 19:18 - 00000000 ____D () C:\Users\Owner\Documents\Testing
2015-02-06 20:24 - 2015-02-06 20:24 - 00000715 _____ () C:\Users\Owner\Desktop\StarCitizen.lnk
2015-02-06 20:24 - 2015-02-06 20:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-02-06 20:21 - 2015-02-06 20:22 - 32802904 _____ () C:\Users\Owner\Downloads\StarCitizenInstaller.exe
2015-02-06 19:47 - 2015-02-06 19:47 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2015-02-06 16:51 - 2015-02-06 16:51 - 00000222 _____ () C:\Users\Owner\Desktop\Transformice.url
2015-02-06 16:51 - 2015-02-06 16:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\steam.transformice.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 21:52 - 2012-12-25 21:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-03-07 21:39 - 2012-12-25 07:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2015-03-07 21:39 - 2012-12-25 07:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-07 21:33 - 2015-01-24 13:05 - 00003274 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-108654267-847054178-3686088323-1000
2015-03-07 21:26 - 2012-12-25 07:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 21:26 - 2012-12-25 07:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 21:13 - 2014-08-17 15:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 21:13 - 2014-06-20 13:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Pokki
2015-03-07 21:13 - 2014-01-18 17:15 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spotify
2015-03-07 21:01 - 2014-08-15 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 20:59 - 2009-07-13 23:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 20:59 - 2009-07-13 23:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 20:57 - 2009-07-14 00:13 - 00862764 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 20:55 - 2012-12-25 01:39 - 01711059 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 20:52 - 2014-12-13 12:21 - 00035804 _____ () C:\Windows\setupact.log
2015-03-07 20:52 - 2014-01-05 14:37 - 00000000 ___RD () C:\Users\Owner\Google Drive
2015-03-07 20:52 - 2013-10-27 11:20 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-03-07 20:52 - 2013-10-27 11:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-03-07 20:52 - 2012-12-25 21:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-07 20:51 - 2012-12-25 02:24 - 00280254 _____ () C:\Windows\PFRO.log
2015-03-07 20:51 - 2012-12-24 14:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 20:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 19:07 - 2012-12-25 05:35 - 00000000 ____D () C:\Windows\Panther
2015-03-05 20:50 - 2013-09-09 19:40 - 00000350 _____ () C:\Windows\BRRBCOM.INI
2015-03-05 20:01 - 2012-12-26 10:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2015-03-04 20:27 - 2014-07-02 16:02 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-04 19:38 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 16:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-03 08:17 - 2012-12-25 07:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-28 19:39 - 2014-05-06 19:32 - 00000000 ____D () C:\Users\Owner\Desktop\Games (Desktop)
2015-02-28 19:39 - 2013-04-18 15:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.technic
2015-02-27 22:51 - 2012-12-26 10:18 - 00000000 ____D () C:\Users\Owner\Documents\SimCity 4
2015-02-27 22:32 - 2014-05-23 18:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Tropico 5
2015-02-27 16:35 - 2013-11-12 17:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-27 16:34 - 2014-10-14 18:03 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-27 16:34 - 2014-10-14 18:03 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-27 16:34 - 2014-10-14 18:03 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-27 16:34 - 2014-10-14 18:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-27 16:34 - 2013-03-31 08:02 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-26 20:30 - 2014-06-20 13:10 - 00002277 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-02-26 16:19 - 2012-12-25 21:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2015-02-23 22:29 - 2012-12-25 07:57 - 00411322 _____ () C:\Windows\DirectX.log
2015-02-23 22:24 - 2014-05-19 19:43 - 00007618 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2015-02-23 22:20 - 2012-12-25 21:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-23 22:20 - 2012-12-25 21:09 - 00000000 ____D () C:\ProgramData\Skype
2015-02-23 22:10 - 2012-12-25 21:55 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-23 21:57 - 2015-02-01 11:06 - 00273920 _____ () C:\Users\Owner\Desktop\ParadoxConverters.Frontend.Core.pdb
2015-02-23 21:57 - 2015-02-01 11:06 - 00133632 _____ () C:\Users\Owner\Desktop\ParadoxConverters.Frontend.Core.dll
2015-02-23 21:57 - 2015-01-16 17:18 - 00062128 _____ () C:\Users\Owner\Desktop\System.Windows.Interactivity.xml
2015-02-23 21:57 - 2015-01-16 17:18 - 00055904 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\System.Windows.Interactivity.dll
2015-02-23 21:53 - 2015-02-01 11:06 - 00038400 _____ () C:\Users\Owner\Desktop\ConverterFrontend.pdb
2015-02-23 21:53 - 2015-02-01 11:06 - 00013312 _____ () C:\Users\Owner\Desktop\ConverterFrontend.exe
2015-02-23 21:53 - 2015-02-01 11:05 - 00023168 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\ConverterFrontend.vshost.exe
2015-02-23 21:53 - 2015-01-16 17:18 - 00208384 _____ () C:\Users\Owner\Desktop\Caliburn.Micro.Platform.pdb
2015-02-23 21:53 - 2015-01-16 17:18 - 00175616 _____ () C:\Users\Owner\Desktop\Caliburn.Micro.pdb
2015-02-23 21:53 - 2015-01-16 17:18 - 00092128 _____ () C:\Users\Owner\Desktop\Caliburn.Micro.Platform.xml
2015-02-23 21:53 - 2015-01-16 17:18 - 00085216 _____ () C:\Users\Owner\Desktop\Caliburn.Micro.xml
2015-02-23 21:53 - 2015-01-16 17:18 - 00082944 _____ (Blue Spire Consulting, Inc.) C:\Users\Owner\Desktop\Caliburn.Micro.Platform.dll
2015-02-23 21:53 - 2015-01-16 17:18 - 00049664 _____ (Blue Spire Consulting, Inc.) C:\Users\Owner\Desktop\Caliburn.Micro.dll
2015-02-23 21:53 - 2013-06-18 04:28 - 00000490 _____ () C:\Users\Owner\Desktop\ConverterFrontend.vshost.exe.manifest
2015-02-23 18:20 - 2013-03-05 15:29 - 00000000 ____D () C:\ProgramData\Origin
2015-02-23 18:20 - 2013-03-05 15:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-23 16:46 - 2014-03-22 17:13 - 00000000 ____D () C:\Program Files (x86)\AppInventor
2015-02-20 10:05 - 2014-01-18 17:15 - 00000000 ____D () C:\Users\Owner\AppData\Local\Spotify
2015-02-16 21:01 - 2013-09-01 13:05 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-14 14:51 - 2013-10-27 11:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 19:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 20:46 - 2012-12-25 01:39 - 00000000 ____D () C:\Users\Owner
2015-02-11 17:25 - 2014-12-10 18:05 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 17:25 - 2014-04-30 20:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 17:25 - 2009-07-13 23:45 - 00348664 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 17:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-10 23:32 - 2012-12-26 08:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-10 23:32 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-10 23:31 - 2013-08-13 21:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 23:31 - 2013-06-16 15:11 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-10 23:31 - 2013-06-16 15:11 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-10 23:31 - 2013-06-16 15:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-10 23:31 - 2013-06-16 15:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-10 23:27 - 2012-12-25 07:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 20:26 - 2015-01-17 21:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 19:54 - 2015-02-02 18:34 - 00000000 ____D () C:\Users\Owner\Documents\HomeworkCode
2015-02-09 19:12 - 2015-01-08 17:58 - 00000000 ____D () C:\Users\Owner\Documents\BlueJ Method Project
2015-02-06 20:23 - 2014-11-26 16:26 - 00000000 ____D () C:\temp
2015-02-06 20:23 - 2014-08-14 10:52 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-06 16:42 - 2014-02-22 15:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SpaceEngineers

==================== Files in the root of some directories =======

2014-11-26 16:32 - 2014-11-26 16:32 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 20:47 - 2015-02-12 20:47 - 0002758 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2014-05-19 19:43 - 2015-02-23 22:24 - 0007618 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Owner\AppData\Local\setup.txt

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\ammemb.dll
C:\Users\Owner\AppData\Local\Temp\ammemb64.dll
C:\Users\Owner\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7350006.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8qu8u.dll
C:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
C:\Users\Owner\AppData\Local\Temp\oct5918.tmp.exe
C:\Users\Owner\AppData\Local\Temp\oct626B.tmp.exe
C:\Users\Owner\AppData\Local\Temp\oct676A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\oct7703.tmp.exe
C:\Users\Owner\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Owner\AppData\Local\Temp\_is5B0.exe
C:\Users\Owner\AppData\Local\Temp\_is852C.exe
C:\Users\Owner\AppData\Local\Temp\_is85F6.exe
C:\Users\Owner\AppData\Local\Temp\_isA756.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-05 21:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Owner at 2015-03-07 21:56:28
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35T3ADO5
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
A Game of Thrones version 0.9.2 (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.9.2 - AGOT TEAM)
A Game of Thrones version 0.9.2 (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.9.2 - AGOT TEAM)
Actual Multiple Monitors 8.2.2 (HKLM-x32\...\Actual Multiple Monitors_is1) (Version: 8.2.2 - Actual Tools)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Pokki_9e3260feb1b61bcd3d67c329c90471e0cbd123ec) (Version: 1.1.2 - Pokki)
Amazon (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_9e3260feb1b61bcd3d67c329c90471e0cbd123ec) (Version: 1.1.2 - Pokki)
AppInventor Setup (HKLM-x32\...\AppInventor Setup) (Version: 2.2 - Massachusetts Institute of Technology)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9340CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
DisplayLink Core Software (HKLM\...\{89E40591-0404-4769-88E7-F649C95AE151}) (Version: 7.6.56275.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DF91EDDE-AC1C-4E29-8344-44B49476AF55}) (Version: 7.0.42631.0 - DisplayLink Corp.)
Dropbox (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Elder Kings CK2 Total Conversion (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Elder Kings CK2 Total Conversion 0.1.4b) (Version: 0.1.4b - Elder Kings Team)
Elder Kings CK2 Total Conversion (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Elder Kings CK2 Total Conversion 0.1.5) (Version: 0.1.5 - Elder Kings Team)
Elder Kings CK2 Total Conversion (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Elder Kings CK2 Total Conversion 0.1.4b) (Version: 0.1.4b - Elder Kings Team)
Elder Kings CK2 Total Conversion (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Elder Kings CK2 Total Conversion 0.1.5) (Version: 0.1.5 - Elder Kings Team)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Farming Simulator 2011 (HKLM-x32\...\FarmingSimulator2011EN_is1) (Version: 1.0 - GIANTS Software)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Game Dev Tycoon version 1.3.8 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.3.8 - Greenheart Games Pty. Ltd.)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMyPC (HKLM\...\{260BCAC0-8BF7-40E2-92C1-7B106FD1116B}) (Version: 8.1.1337 - Citrix Online)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
MA101 USB Adapter Configuration Utility (HKLM-x32\...\{B46834CC-141E-11D5-A76F-0030AB007078}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Myst Masterpiece Edition (HKLM-x32\...\{7D1CE80E-3EAE-441E-BE97-625F9ABD07D9}) (Version:  - )
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.13 - NETGEAR Inc.)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.13.85 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pokki (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Pokki) (Version: 0.269.7.513 - Pokki)
Pokki (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.269.7.513 - Pokki)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Scratch (HKLM-x32\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization III: Complete (HKLM-x32\...\Steam App 3910) (Version:  - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
SimCity 4 Deluxe (HKLM-x32\...\SimCity 4 Deluxe) (Version:  - GameStop)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SimCity™ Societies (HKLM-x32\...\{9B0F9788-3141-4009-846E-52E59843E963}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ Societies (x32 Version: 1.0.0.0 - Electronic Arts) Hidden
SimCity™ Societies Destinations (HKLM-x32\...\{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}) (Version: 1.0.0.1 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Conflict Launcher 1.0.1.18 (HKLM-x32\...\StarConflictLauncher_is1) (Version:  - )
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Political Machine 2008 (HKLM-x32\...\The Political Machine 2008) (Version:  - Stardock Entertainment, Inc.)
The Political Machine 2008 (x32 Version: 1.00 - Stardock Entertainment, Inc.) Hidden
The Sims Carnival SnapCity (HKLM-x32\...\{DF0B1D6F-DEC5-4831-00B7-FC2ACB464C31}) (Version:  - Electronic Arts)
The Sims 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.50.56 - Electronic Arts)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
Transformice (HKLM-x32\...\Steam App 335240) (Version:  - Atelier 801)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
Victoria 2 - DEMO (HKLM-x32\...\{DF0E4DF7-8AFF-4273-BDFB-9E01E8821123}) (Version:  - )
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
Wargame: Red Dragon (HKLM-x32\...\Steam App 251060) (Version:  - Eugen Systems)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-108654267-847054178-3686088323-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-03-2015 23:40:08 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {067E544A-87EA-495F-8698-3618E67C722D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {07CE3BEF-4C77-4DCC-A859-92B415FF796A} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {0D73BDD2-5A7C-4C8B-A91E-237DDD2F0C22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {3FFBE0A7-743A-4729-8390-CFD34144691B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-108654267-847054178-3686088323-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6421771D-F35A-48D7-B32A-661225B67DEB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7080ADCF-8C72-441F-B269-1FD395242D22} - System32\Tasks\{858B920C-A40D-4049-8DE6-2AFC4D860317} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B46834CC-141E-11D5-A76F-0030AB007078}\Setup.exe" -c -uninst
Task: {7800A8C3-958B-48FC-AC75-96CE5C3C5E8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-22] (AVAST Software)
Task: {8F7BFD95-6070-4ACA-A4F3-A0238D840560} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-108654267-847054178-3686088323-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9555673B-67C7-4974-A9B0-B3B3D5DC67AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {9F56645F-6C62-4808-8620-13B01F63B12A} - System32\Tasks\avastBCLRestartS-1-5-21-108654267-847054178-3686088323-1000 => Chrome.exe
Task: {A96356DE-2B19-48E9-8C1C-4FB732FCC53B} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {AD5DBE36-E7D8-452B-958E-C6F73AEDC1A2} - System32\Tasks\{74FB1E7D-1780-4321-815B-72819E53963A} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Temp\Temp1_ma101_v2.4.zip\MA101 V2.4\Utility\setup.exe"
Task: {B5CD33E2-16F4-43A7-B9F9-17756834E704} - System32\Tasks\{283AC3E9-0361-4682-B1BB-06964931E778} => pcalua.exe -a "C:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=C:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default
Task: {D740EB9B-48B3-4528-81B1-1D11584A4705} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF0FEC29-FC30-41DF-8831-D5CB3B58161F} - System32\Tasks\{250F1D46-B7EE-4367-ACAB-32702989DFF0} => pcalua.exe -a "C:\Users\Owner\Desktop\MA101 V2.4\setup.exe" -d "C:\Users\Owner\Desktop\MA101 V2.4"
Task: {F89DCD09-7B3D-4366-ADD3-EE6CD9A8F4EF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-24 14:02 - 2014-12-13 03:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-09 19:39 - 2005-04-21 23:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-11-14 08:12 - 2013-11-14 08:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2015-03-07 18:52 - 2015-03-07 18:52 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030701\algo.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-12 16:10 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 16:55 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 16:55 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 16:55 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-21 18:13 - 2015-02-18 18:51 - 02360000 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 15:05 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 15:05 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 15:05 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 15:05 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-28 15:05 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-12-25 21:42 - 2015-02-18 18:51 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2015-03-07 20:52 - 2015-03-07 20:52 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32api.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\pywintypes27.dll
2015-03-07 20:52 - 2015-03-07 20:52 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\pythoncom27.dll
2015-03-07 20:52 - 2015-03-07 20:52 - 00045568 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\_socket.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 01160704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\_ssl.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32com.shell.shell.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00713216 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\_hashlib.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._core_.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._gdi_.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._windows_.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._controls_.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._misc_.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\pysqlite2._sqlite.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\_elementtree.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\pyexpat.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\_ctypes.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32file.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32security.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\hashobjs_ext.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32gui.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32event.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32inet.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32crypt.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._html2.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\_multiprocessing.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32process.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\unicodedata.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._wizard.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32pipe.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32pdh.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\windows._lib_cacheinvalidation.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\select.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32profile.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\win32ts.pyd
2015-03-07 20:52 - 2015-03-07 20:52 - 00078336 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI47043\wx._animate.pyd
2012-12-25 21:42 - 2015-01-27 20:30 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-11-13 05:22 - 2013-11-13 05:22 - 00467456 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-11-10 20:57 - 2013-11-10 20:57 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 20:59 - 2013-11-10 20:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-11-10 21:01 - 2013-11-10 21:01 - 00632320 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-11-13 22:53 - 2013-11-13 22:53 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 04:05 - 2013-11-13 04:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 20:58 - 2013-11-10 20:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 21:09 - 2013-11-10 21:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-11-10 21:13 - 2013-11-10 21:13 - 08557056 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-11-13 05:17 - 2013-11-13 05:17 - 01269248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 20:59 - 2013-11-10 20:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-11-10 21:17 - 2013-11-10 21:17 - 00198656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-11-12 03:07 - 2013-11-12 03:07 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 21:21 - 2013-11-10 21:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 20:58 - 2013-11-10 20:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-11-10 21:18 - 2013-11-10 21:18 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 21:24 - 2013-11-10 21:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 21:23 - 2013-11-10 21:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-07 20:52 - 2015-03-07 20:52 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8qu8u.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 00569856 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 01400846 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 00151054 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 00222734 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\avformat-54.dll
2013-09-09 19:39 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-12-22 12:20 - 2014-12-22 12:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-108654267-847054178-3686088323-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-108654267-847054178-3686088323-500 - Administrator - Disabled)
Guest (S-1-5-21-108654267-847054178-3686088323-501 - Limited - Disabled)
Owner (S-1-5-21-108654267-847054178-3686088323-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 08:52:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 11.0.168.192.in-addr.arpa. PTR Owner-PC.local.

Error: (03/07/2015 08:52:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   18 11.0.168.192.in-addr.arpa. PTR Owner-PC-2.local.

Error: (03/07/2015 06:52:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 11.0.168.192.in-addr.arpa. PTR Owner-PC.local.

Error: (03/07/2015 06:52:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   18 11.0.168.192.in-addr.arpa. PTR Owner-PC-2.local.

Error: (03/04/2015 09:58:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Exception code: 0xc0000005
Fault offset: 0x00a22cba
Faulting process id: 0x2008
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (03/04/2015 08:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Exception code: 0xc0000005
Fault offset: 0x00a22cba
Faulting process id: 0x2b94
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (03/04/2015 08:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Exception code: 0xc0000005
Fault offset: 0x00a22cba
Faulting process id: 0x1008
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (03/04/2015 08:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Exception code: 0xc0000005
Fault offset: 0x00a22cba
Faulting process id: 0x1cec
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (03/04/2015 08:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Exception code: 0xc0000005
Fault offset: 0x00a22cba
Faulting process id: 0x1184
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

Error: (03/04/2015 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Faulting module name: eu4.exe, version: 1.0.0.0, time stamp: 0x54f0982b
Exception code: 0xc0000005
Fault offset: 0x00a22cba
Faulting process id: 0x2acc
Faulting application start time: 0xeu4.exe0
Faulting application path: eu4.exe1
Faulting module path: eu4.exe2
Report Id: eu4.exe3

System errors:
=============
Error: (03/07/2015 09:01:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (03/07/2015 09:01:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/07/2015 08:52:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/07/2015 08:52:04 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x80070005

 Error description: Access is denied.

 Reason: %%892

Error: (03/07/2015 07:19:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (03/07/2015 07:17:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/07/2015 07:07:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/07/2015 07:07:56 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%886

 Error Code: 0x80070005

 Error description: Access is denied.

 Reason: %%892

Error: (03/07/2015 07:07:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (03/07/2015 07:07:06 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (03/07/2015 08:52:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 11.0.168.192.in-addr.arpa. PTR Owner-PC.local.

Error: (03/07/2015 08:52:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   18 11.0.168.192.in-addr.arpa. PTR Owner-PC-2.local.

Error: (03/07/2015 06:52:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 11.0.168.192.in-addr.arpa. PTR Owner-PC.local.

Error: (03/07/2015 06:52:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.11:5353   18 11.0.168.192.in-addr.arpa. PTR Owner-PC-2.local.

Error: (03/04/2015 09:58:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.054f0982beu4.exe1.0.0.054f0982bc000000500a22cba200801d056f03cd77004C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe7d357905-c2e3-11e4-93a2-3085a994adb5

Error: (03/04/2015 08:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.054f0982beu4.exe1.0.0.054f0982bc000000500a22cba2b9401d056e4ebc11431C:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\SteamApps\common\Europa Universalis IV\eu4.exe2aaa03ec-c2d8-11e4-93a2-3085a994adb5

Error: (03/04/2015 08:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.054f0982beu4.exe1.0.0.054f0982bc000000500a22cba100801d056e4deeae923C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe1e1f3ad9-c2d8-11e4-93a2-3085a994adb5

Error: (03/04/2015 08:33:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.054f0982beu4.exe1.0.0.054f0982bc000000500a22cba1cec01d056e45c8ad35fC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe9b6ff27b-c2d7-11e4-93a2-3085a994adb5

Error: (03/04/2015 08:33:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.054f0982beu4.exe1.0.0.054f0982bc000000500a22cba118401d056e4553aec46C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe9412287e-c2d7-11e4-93a2-3085a994adb5

Error: (03/04/2015 08:33:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eu4.exe1.0.0.054f0982beu4.exe1.0.0.054f0982bc000000500a22cba2acc01d056e44fb03b70C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exeC:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe9043ad1a-c2d7-11e4-93a2-3085a994adb5

==================== Memory info ===========================

Processor: Intel® Core i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16335.01 MB
Available physical RAM: 12231.51 MB
Total Pagefile: 32668.21 MB
Available Pagefile: 28206.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.47 GB) (Free:11.38 GB) NTFS
Drive d: (Companion 5) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
Drive e: (New Volume) (Fixed) (Total:931.41 GB) (Free:854.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 60F2C843)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 60F2C85B)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: A32F2B29)

==================== End Of Log ============================


Hello and welcome!

If you've not already done so please start here and post back the 2 log files FRST.txt and Addition.txt

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable. It is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous; please be patient. Often we are also in a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days.
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)

I will go over the logs and get a script to you soon, but in the meantime do a total reset of Chrome to stop the embedded ads for now.

Start Chrome and go to chrome://settings/ (paste or type that in the address bar).

Scroll to the bottom and click on "Show advanced settings".

Scroll to the bottom of these and click on Reset settings and then click on Reset in the pop up box.


No no, the updates are great; information on what is happening is always appreciated.

FIRST STEP >>>>

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show that it is ready to use (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the log in your next reply.

SECOND STEP >>>>

Turn off or uninstall Google Drive.

The malware is being backed up via Google Drive and will return shortly after removing it. We will deal with this when the adware / malware is completely removed.

THIRD STEP >>>>

Reset Google Chrome once again after turning off Google Drive.

Information to Reply with >>>>

  • The Fixlog.txt log file text.
  • How is the system running now with Drive off and Chrome reset?

Fixlist.txt


Okay, so here's the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Owner at 2015-03-07 23:34:21 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & DefaultAppPool (Available profiles: Owner & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-108654267-847054178-3686088323-1000\...\RunOnce: [Application Restart #2] => C:\Users\Owner\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side- (the data entry has 540 more characters).
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #2] => C:\Users\Owner\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side- (the data entry has 540 more characters).
AppInit_DLLs-x32: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll => "c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.basicseek...ds={searchTerms}
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F42D4712-298F-4502-8668-7B9940C3FB00} URL = http://www.basicseek...ds={searchTerms}
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchURL: Default -> https://www.google.d...?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.c...&q={searchTerms}
CHR Extension: (NationStates++) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgdpgjockahmkhjgcfidmlahiicmagj [2015-02-22]
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
Task: {07CE3BEF-4C77-4DCC-A859-92B415FF796A} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {7080ADCF-8C72-441F-B269-1FD395242D22} - System32\Tasks\{858B920C-A40D-4049-8DE6-2AFC4D860317} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B46834CC-141E-11D5-A76F-0030AB007078}\Setup.exe" -c -uninst
Task: {9F56645F-6C62-4808-8620-13B01F63B12A} - System32\Tasks\avastBCLRestartS-1-5-21-108654267-847054178-3686088323-1000 => Chrome.exe
Task: {AD5DBE36-E7D8-452B-958E-C6F73AEDC1A2} - System32\Tasks\{74FB1E7D-1780-4321-815B-72819E53963A} => pcalua.exe -a "C:\Users\Owner\AppData\Local\Temp\Temp1_ma101_v2.4.zip\MA101 V2.4\Utility\setup.exe"
Task: {B5CD33E2-16F4-43A7-B9F9-17756834E704} - System32\Tasks\{283AC3E9-0361-4682-B1BB-06964931E778} => pcalua.exe -a "C:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=C:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default
Task: {DF0FEC29-FC30-41DF-8831-D5CB3B58161F} - System32\Tasks\{250F1D46-B7EE-4367-ACAB-32702989DFF0} => pcalua.exe -a "C:\Users\Owner\Desktop\MA101 V2.4\setup.exe" -d "C:\Users\Owner\Desktop\MA101 V2.4"
2015-01-03 23:06 - 2015-01-03 23:06 - 00569856 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 01400846 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 00151054 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\avutil-51.dll
2015-01-03 23:06 - 2015-01-03 23:06 - 00222734 _____ () C:\Users\Owner\AppData\Local\Pokki\Engine\avformat-54.dll
C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys
2014-11-26 16:32 - 2014-11-26 16:32 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Owner\AppData\Local\Temp\ammemb.dll
C:\Users\Owner\AppData\Local\Temp\ammemb64.dll
C:\Users\Owner\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7350006.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8qu8u.dll
C:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Owner\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Owner\AppData\Local\Temp\nvStInst.exe
C:\Users\Owner\AppData\Local\Temp\oct5918.tmp.exe
C:\Users\Owner\AppData\Local\Temp\oct626B.tmp.exe
C:\Users\Owner\AppData\Local\Temp\oct676A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\oct7703.tmp.exe
C:\Users\Owner\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Owner\AppData\Local\Temp\_is5B0.exe
C:\Users\Owner\AppData\Local\Temp\_is852C.exe
C:\Users\Owner\AppData\Local\Temp\_is85F6.exe
C:\Users\Owner\AppData\Local\Temp\_isA756.exe
C:\Remote Programs\7 Wonders 2
C:\Users\Owner\AppData\Local\Pokki
C:\Users\Owner\AppData\Local\Temp\Runner.exe
Reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => value deleted successfully.
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value not found.
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #2 => Value not found.
"c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
https://1137netclass...ms/NCShell.aspx => Error: No automatic fix found for this entry.
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value not found.
https://1137netclass...ms/NCShell.aspx => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => Key deleted successfully.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
"HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F42D4712-298F-4502-8668-7B9940C3FB00}" => Key deleted successfully.
HKCR\CLSID\{F42D4712-298F-4502-8668-7B9940C3FB00} => Key not found.
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => Key not found.
HKU\S-1-5-21-108654267-847054178-3686088323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F42D4712-298F-4502-8668-7B9940C3FB00} => Key not found.
HKCR\CLSID\{F42D4712-298F-4502-8668-7B9940C3FB00} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgdpgjockahmkhjgcfidmlahiicmagj => Moved successfully.
DisplayLinkUsbPort => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07CE3BEF-4C77-4DCC-A859-92B415FF796A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07CE3BEF-4C77-4DCC-A859-92B415FF796A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7080ADCF-8C72-441F-B269-1FD395242D22}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7080ADCF-8C72-441F-B269-1FD395242D22}" => Key deleted successfully.
C:\Windows\System32\Tasks\{858B920C-A40D-4049-8DE6-2AFC4D860317} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{858B920C-A40D-4049-8DE6-2AFC4D860317}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F56645F-6C62-4808-8620-13B01F63B12A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F56645F-6C62-4808-8620-13B01F63B12A}" => Key deleted successfully.
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-108654267-847054178-3686088323-1000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-108654267-847054178-3686088323-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5DBE36-E7D8-452B-958E-C6F73AEDC1A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5DBE36-E7D8-452B-958E-C6F73AEDC1A2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{74FB1E7D-1780-4321-815B-72819E53963A} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74FB1E7D-1780-4321-815B-72819E53963A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5CD33E2-16F4-43A7-B9F9-17756834E704}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5CD33E2-16F4-43A7-B9F9-17756834E704}" => Key deleted successfully.
C:\Windows\System32\Tasks\{283AC3E9-0361-4682-B1BB-06964931E778} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{283AC3E9-0361-4682-B1BB-06964931E778}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF0FEC29-FC30-41DF-8831-D5CB3B58161F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF0FEC29-FC30-41DF-8831-D5CB3B58161F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{250F1D46-B7EE-4367-ACAB-32702989DFF0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{250F1D46-B7EE-4367-ACAB-32702989DFF0}" => Key deleted successfully.
C:\Users\Owner\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Pokki\Engine\avcodec-54.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Pokki\Engine\avutil-51.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Pokki\Engine\avformat-54.dll => Moved successfully.
"C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys" => File/Directory not found.
C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ammemb.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ammemb64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7350006.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7370007.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\drm_dyndata_7370014.dll => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr8qu8u.dll" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\oct5918.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\oct626B.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\oct676A.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\oct7703.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\_is5B0.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\_is852C.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\_is85F6.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\_isA756.exe => Moved successfully.
"C:\Remote Programs\7 Wonders 2" => File/Directory not found.
C:\Users\Owner\AppData\Local\Pokki => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\Runner.exe" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 23:34:33 ====

 

And about Google Drive. When I try to uninstall it, it asks me whether I should allow "2d73f7.msi" from Google Drive to make changes to my computer. Should I allow it?


You can allow that msi to uninstall Google Drive.




FIRST STEP >>>> 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[s0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

SECOND STEP >>>>

Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).

 

Information to Reply with >>>>

  • The AdwCleaner[s#].txt log file.
  • The Malwarebytes Antimalware log file.

# AdwCleaner v4.111 - Logfile created 08/03/2015 at 15:23:21
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf
Folder Deleted : C:\Users\Owner\AppData\Local\apn
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Roaming\ARecEngine
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\e558cdee53dee15
Key Deleted : HKLM\SOFTWARE\e558cdee53dee15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

-\\ Google Chrome v41.0.2272.76

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=118564&tt=5212_3&babsrc=SP_ss&mntrId=ecb7a12d0000000000003085a994adb5
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=118564&tt=5212_3&babsrc=SP_ss&mntrId=ecb7a12d0000000000003085a994adb5
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4622 bytes] - [08/03/2015 15:21:07]
AdwCleaner[s0].txt - [4490 bytes] - [08/03/2015 15:23:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4549  bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/8/2015
Scan Time: 3:32:38 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.08.05
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1180890
Time Elapsed: 1 hr, 41 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Babylon.A, C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4LX4PMOZ\babylon[1].exe, Quarantined, [07a258cab4d6fa3c68e547d87789cb35],

Physical Sectors: 0
(No malicious items detected)

(end)

Also, Google Drive is uninstalled and my google chrome settings are reset.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

start
CreateRestorePoint:
CloseProcesses:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Owner at 2015-03-08 20:50:18 Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & DefaultAppPool (Available profiles: Owner & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
 CreateRestorePoint:
 CloseProcesses:
 cmd: ipconfig /flushdns
 cmd: netsh advfirewall reset
 cmd: netsh advfirewall set allprofiles state on
 RemoveProxy:
 EmptyTemp:
 Reboot:
 end
*****************

Restore point was successfully created.
Processes closed successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

========= RemoveProxy: =========

HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-108654267-847054178-3686088323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-108654267-847054178-3686088323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

EmptyTemp: => Removed 5 GB temporary data.

The system needed a reboot.

==== End of Fixlog 20:52:00 ====

So, since you deleted the Temp files Firewall is suddenly asking me whether to allow Dropbox, Skype, and Netgear Genie. I assume I can allow them as normal?


Yes, I should have warned you but the firewall has been reset to default rules.  You can allow your custom program rules as you need to.  :blush:


 

How is your system running now?

 


 

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead.  ESET Online does work with IE 10 and earlier.

You can leave Norton enabled even though ESET may warn about it. It just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below, as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner  <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below.  Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file.  Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please.  Thanks.
 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
