
[Solved] Virus infection Vosteran Hijacker

Discussion in 'Malware Removal Help' started by daveleonard, Dec 4, 2014.

  1. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    417
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    Acer Aspire
    CPU:
    See below
    Memory:
    Ditto
    Hard Drive:
    Ditto
    Graphics Card:
    Ditto
    Power Supply:
    Ditto
    Dear Sir, this is an update from Win 7 forum title Vosteran Virus. Link: http://computerhelpforums.net/threa...-help-winxp-vista-win7-win8-and-win8-1.41927/

    I have attached the reports, not exactly sure it is complete but I did what I could.
    I actually think the virus is gone but I will leave that up to you. I did find the virus twice in the quarantine section of Mbam and took a copy of it. I also found it when I searched my Chrome browser's settings in the search area. I deleted it and put the search back to Yahoo. Also, there was not a fix.txt I could send you because the search apparently didn't find anything so it was not printed.
     


  2. daveleonard

    So far this morning I have not seen the virus pop up and have found no more links to the site. Thanks.
     
  3. daveleonard

    Update: when I went to use my Snipping Tool I got the message that The Vosteran Virus cannot locate the place to put the copy, so I guess it is still around.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
    Ran by dave (administrator) on DAVE-PC on 05-12-2014 08:59:55
    Running from D:\
    Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Reason Software Company Inc.) D:\ShouldIRemoveIt.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-01-23] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [255344 2011-01-21] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2422512 2013-10-01] (Synaptics Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-29] (AVAST Software)
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Run: [Google Update] => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-31] (Google Inc.)
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Run: [GoogleChromeAutoLaunch_86435EA0F6DA4FA63391EC6FBC88C7D2] => C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
    Startup: C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\2znzxkro.default
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-29]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR CustomProfile: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Angry Birds) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-10-18]
    CHR Extension: (Google Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
    CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-31]
    CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
    CHR Extension: (Snail Bob) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\boojbpjmnagikjmogdflhibdljlpjmob [2014-10-18]
    CHR Extension: (Google Search) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
    CHR Extension: (Dress Up Games for Girls - Wedding Dress) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhliedfecmflammfejglhcadhclcnlph [2014-10-18]
    CHR Extension: (ZenMate) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-09]
    CHR Extension: (Snail Bob 3) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgbmagflnkghiegfflnhmcnepeiijjl [2014-10-18]
    CHR Extension: (Girl Games - Play Girls Games Online) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhnlfnigjjkiphcnbnpedcpfoggjhba [2014-10-18]
    CHR Extension: (Avast Online Security) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-30]
    CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
    CHR Extension: (Snail Bob 4) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdgohcjheplphhjkngpcjpdcmpbfcl [2014-10-18]
    CHR Extension: (Girl Games) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcceoncgjofiikkkkdobbaagbohdpcfm [2014-10-18]
    CHR Extension: (Vintage Cartoons) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pginbngjpgkcgghffjhibdnkmlkkcgfk [2014-10-18]
    CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-29]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-29] (AVAST Software)
    R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-29] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-29] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-29] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-29] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-29] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-29] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-29] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-29] ()
    R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3254784 2014-01-09] (Qualcomm Atheros Communications, Inc.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-12-04] ()
    R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-06] (Intel Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-06] (Intel Corporation)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-07-18] (Qualcomm Atheros Co., Ltd.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-05] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
    R3 Neo_SoftEtherVPN; C:\Windows\System32\DRIVERS\Neo_0119.sys [26208 2014-11-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799808 2008-12-29] ()
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-08-03] (The OpenVPN Project)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S3 tapSF0901; system32\DRIVERS\tapSF0901.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-05 08:59 - 2014-12-05 08:59 - 00000000 ____D () C:\FRST
    2014-12-05 08:57 - 2014-12-05 08:57 - 01110016 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
    2014-12-04 23:33 - 2014-12-04 23:33 - 00000000 ____D () C:\ProgramData\Trymedia
    2014-12-04 14:16 - 2014-12-04 14:17 - 03522512 _____ (DVDVideoSoft Ltd. ) C:\Users\dave\Downloads\FreeVideoToMP3Converter.exe
    2014-12-04 12:40 - 2014-12-04 12:40 - 00001270 _____ () C:\Users\Public\Desktop\herdProtect.lnk
    2014-12-04 12:40 - 2014-12-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
    2014-12-04 12:40 - 2014-12-04 12:40 - 00000000 ____D () C:\Program Files\Reason
    2014-12-04 12:38 - 2014-12-04 12:40 - 02515504 _____ (Reason Company Software Inc.) C:\Users\dave\Downloads\herdProtectScan_Setup.exe
    2014-12-04 11:51 - 2014-12-04 11:51 - 00001198 _____ () C:\Users\dave\Desktop\adwcleaner_4.103 - Shortcut.lnk
    2014-12-04 09:18 - 2014-12-04 09:21 - 00000000 ____D () C:\sh4ldr
    2014-12-04 09:15 - 2014-12-04 09:15 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    2014-12-04 09:11 - 2014-12-04 09:14 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer (1).exe
    2014-12-04 08:57 - 2014-12-04 08:59 - 02154496 _____ () C:\Users\dave\Downloads\adwcleaner_4.103.exe
    2014-12-02 12:12 - 2014-12-05 08:50 - 00004728 _____ () C:\Windows\PFRO.log
    2014-12-02 12:12 - 2014-12-05 08:50 - 00000224 _____ () C:\Windows\setupact.log
    2014-12-02 12:12 - 2014-12-02 12:12 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-02 10:11 - 2014-12-02 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio Entertainment Ltd
    2014-12-02 10:11 - 2014-12-02 10:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Rovio Entertainment Ltd
    2014-12-02 10:10 - 2014-12-02 10:10 - 96157184 _____ (Rovio Entertainment Ltd.) C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1(2).exe
    2014-12-02 09:39 - 2014-12-02 09:47 - 00000064 _____ () C:\Windows\GPlrLanc.dat
    2014-12-02 09:39 - 2014-12-02 09:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-12-02 08:45 - 2014-12-02 08:45 - 00000604 _____ () C:\Users\dave\Desktop\General Knowledge Quiz.lnk
    2014-12-02 08:45 - 2014-12-02 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\General Knowledge Quiz
    2014-12-02 08:44 - 2014-12-02 08:44 - 02085442 _____ (Justgames.ch ) C:\Users\dave\Downloads\quiz2(1).exe
    2014-12-01 18:23 - 2014-12-01 18:23 - 12845501 _____ (Shmehao.com ) C:\Users\dave\Downloads\empires-of-arkeia(1).exe
    2014-12-01 17:44 - 2014-12-01 17:57 - 24785176 _____ () C:\Users\dave\Downloads\MSAoE.exe
    2014-12-01 16:46 - 2014-12-04 09:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-12-01 16:44 - 2014-12-01 16:45 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer.exe
    2014-12-01 16:29 - 2014-12-05 08:51 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-01 16:29 - 2014-12-01 16:36 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-01 16:29 - 2014-12-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 16:29 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-01 16:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-01 16:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-30 13:21 - 2014-11-30 13:21 - 00000000 ____D () C:\ProgramData\MumboJumbo
    2014-11-29 11:13 - 2014-11-29 11:27 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Realore_Whiterra Roads Of Rome 1.2
    2014-11-29 08:35 - 2014-11-29 08:35 - 00000000 ___RD () C:\Users\dave\Dropbox
    2014-11-29 08:28 - 2014-11-29 18:08 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Dropbox
    2014-11-29 08:18 - 2014-11-29 08:18 - 00002121 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-29 08:18 - 2014-11-29 08:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\AVAST Software
    2014-11-29 08:18 - 2014-11-29 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-29 08:16 - 2014-11-29 08:18 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-11-29 08:16 - 2014-11-29 08:17 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-29 08:16 - 2014-11-29 08:16 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-29 08:16 - 2014-11-29 08:16 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-29 08:10 - 2014-11-29 08:10 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-29 08:08 - 2014-11-29 08:08 - 05006864 _____ (AVAST Software) C:\Users\dave\Downloads\avast_free_antivirus_setup_online.exe
    2014-11-28 17:19 - 2014-11-28 18:18 - 111868152 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mpam-fe.exe
    2014-11-28 13:46 - 2014-11-28 13:46 - 00000477 _____ () C:\Users\dave\Desktop\System - Shortcut.lnk
    2014-11-26 19:07 - 2014-11-26 19:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Islands
    2014-11-20 09:59 - 2014-11-20 09:59 - 00000906 ____R () C:\Users\dave\Documents\BitLocker Recovery Key 924DDCAE-D98A-41F2-B78A-E4C1A847671A.txt
    2014-11-12 09:23 - 2014-11-12 09:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-11 08:04 - 2014-11-11 08:04 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
    2014-11-11 08:04 - 2014-11-11 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-11-11 08:01 - 2014-11-11 08:01 - 00880272 _____ (Google Inc.) C:\Users\dave\Downloads\GoogleEarthSetup.exe
    2014-11-10 17:50 - 2014-11-26 14:16 - 00000081 _____ () C:\Users\dave\Documents\Lords.txt
    2014-11-10 17:30 - 2014-12-05 00:00 - 00000000 ____D () C:\ProgramData\gamehouse
    2014-11-10 17:30 - 2014-11-10 17:30 - 00000000 ____D () C:\Users\dave\AppData\Roaming\gamehouse
    2014-11-10 17:21 - 2014-11-10 17:21 - 00000000 ____D () C:\Users\dave\AppData\Roaming\aliasworlds
    2014-11-10 17:21 - 2014-11-10 17:21 - 00000000 ____D () C:\ProgramData\aliasworlds
    2014-11-10 16:14 - 2014-11-10 16:14 - 00001733 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
    2014-11-10 15:48 - 2008-10-08 10:16 - 00139264 _____ (http://www.xvid.org) C:\Windows\system32\xvid.ax
    2014-11-10 15:42 - 2014-11-10 15:45 - 09120817 _____ (www.easy-video-converter.com ) C:\Users\dave\Downloads\videoconverter.exe
    2014-11-10 15:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2014-11-10 15:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2014-11-10 15:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2014-11-10 15:18 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2014-11-10 15:18 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2014-11-10 15:18 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2014-11-10 15:18 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2014-11-10 15:18 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2014-11-10 15:18 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2014-11-10 15:18 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2014-11-10 15:18 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2014-11-10 15:18 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2014-11-10 15:18 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2014-11-10 15:18 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2014-11-10 15:18 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2014-11-10 15:18 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2014-11-10 15:18 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2014-11-10 15:18 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2014-11-10 15:18 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2014-11-10 15:18 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2014-11-10 15:18 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2014-11-10 15:18 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2014-11-10 15:18 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2014-11-10 15:18 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2014-11-10 15:18 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2014-11-10 15:18 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2014-11-10 15:18 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2014-11-10 15:18 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2014-11-10 15:18 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2014-11-10 15:18 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2014-11-10 15:18 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2014-11-10 15:18 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2014-11-10 15:18 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2014-11-10 15:18 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2014-11-10 15:18 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2014-11-10 15:18 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2014-11-10 15:18 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2014-11-10 15:18 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2014-11-10 15:18 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2014-11-10 15:18 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2014-11-10 15:18 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2014-11-10 15:18 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2014-11-10 15:18 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2014-11-10 15:18 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2014-11-10 15:18 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2014-11-10 15:18 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2014-11-10 15:18 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2014-11-10 15:17 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2014-11-10 15:17 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2014-11-10 15:17 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2014-11-10 15:17 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2014-11-10 15:17 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2014-11-10 15:17 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2014-11-10 15:17 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2014-11-10 15:17 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-11-10 15:17 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2014-11-10 15:17 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2014-11-10 15:17 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2014-11-10 15:17 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2014-11-10 15:17 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2014-11-10 15:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2014-11-10 15:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2014-11-10 15:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2014-11-10 15:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2014-11-10 15:17 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2014-11-10 15:17 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2014-11-10 15:17 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2014-11-10 15:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2014-11-10 15:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2014-11-10 15:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2014-11-10 15:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2014-11-10 15:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
    2014-11-10 14:59 - 2009-11-26 03:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
    2014-11-10 14:58 - 2014-11-10 15:18 - 00000000 ____D () C:\Windows\system32\directx
    2014-11-10 14:57 - 2014-11-10 14:58 - 00887896 _____ (Microsoft Corporation) C:\Users\dave\Downloads\dotNetFx40_Client_setup.exe
    2014-11-10 14:57 - 2014-11-10 14:57 - 00292184 _____ (Microsoft Corporation) C:\Users\dave\Downloads\dxwebsetup.exe
    2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ____D () C:\Users\dave\Documents\Freemake
    2014-11-10 14:50 - 2014-11-10 14:52 - 32799424 _____ (Any-Video-Converter.com ) C:\Users\dave\Downloads\avc-setup-5.7.3.exe
    2014-11-10 14:36 - 2014-11-10 14:36 - 00000000 ____D () C:\Users\dave\AppData\Roaming\MPC-HC
    2014-11-10 14:33 - 2014-11-10 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2014-11-10 14:33 - 2014-07-23 02:50 - 03510784 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
    2014-11-10 14:33 - 2011-12-08 01:32 - 00216064 _____ ( ) C:\Windows\system32\lagarith.dll
    2014-11-10 14:33 - 2009-09-29 20:57 - 00758018 _____ () C:\Windows\system32\xvidcore.dll
    2014-11-10 14:33 - 2008-12-04 21:46 - 00180224 _____ () C:\Windows\system32\xvidvfw.dll
    2014-11-10 14:32 - 2014-11-10 14:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
    2014-11-10 14:32 - 2014-10-07 02:00 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
    2014-11-10 14:32 - 2014-06-14 22:03 - 00218200 _____ () C:\Windows\system32\unrar.dll
    2014-11-10 14:32 - 2012-07-21 18:54 - 00122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
    2014-11-10 14:18 - 2014-11-10 14:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\rmi
    2014-11-10 07:56 - 2014-12-05 08:50 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-10 07:56 - 2014-12-05 08:49 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-10 07:56 - 2014-11-11 08:04 - 00000000 ____D () C:\Program Files\Google
    2014-11-10 07:55 - 2014-11-10 07:55 - 00000733 _____ () C:\Users\dave\Desktop\MiniToolBox - Shortcut.lnk
    2014-11-10 07:55 - 2014-11-10 07:55 - 00000680 _____ () C:\Users\dave\Desktop\FRST - Shortcut.lnk
    2014-11-09 18:41 - 2014-11-09 18:41 - 00002087 _____ () C:\Windows\system32\ipconfig_results.txt
    2014-11-09 18:41 - 2013-08-03 07:06 - 00026624 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2014-11-09 18:27 - 2014-11-09 18:32 - 04436793 _____ (VPN in Touch ) C:\Users\dave\Downloads\VIT_Desktop.exe
    2014-11-09 18:14 - 2014-11-09 18:14 - 00026208 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0119.sys
    2014-11-09 18:10 - 2014-11-09 18:10 - 00133688 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2014-11-09 14:00 - 2014-11-09 14:00 - 00000000 ____D () C:\Users\dave\AppData\Roaming\RealArcade
    2014-11-09 12:31 - 2014-11-09 12:31 - 00000000 ____D () C:\Users\dave\AppData\Local\DVDVideoSoft_Ltd
    2014-11-09 12:30 - 2014-11-10 16:14 - 00001201 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2014-11-09 12:30 - 2014-11-10 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2014-11-09 12:30 - 2014-11-09 12:30 - 00001728 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk
    2014-11-09 12:29 - 2014-11-10 16:14 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
    2014-11-09 12:28 - 2014-11-10 16:14 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DVDVideoSoft
    2014-11-08 18:15 - 2014-11-08 18:15 - 00000000 ____D () C:\ProgramData\Enkord
    2014-11-08 18:14 - 2014-11-08 18:14 - 00000017 _____ () C:\Windows\popcinfo.dat
    2014-11-08 17:55 - 2014-11-08 17:55 - 00004096 _____ () C:\Windows\d3dx.dat
    2014-11-08 15:31 - 2014-11-08 15:31 - 00000569 _____ () C:\Users\dave\Desktop\File Shredder.lnk
    2014-11-08 15:31 - 2014-11-08 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
    2014-11-08 15:29 - 2014-11-08 15:30 - 02317839 _____ (PowTools ) C:\Users\dave\Downloads\file_shredder_setup(1).exe
    2014-11-08 14:47 - 2014-11-08 15:04 - 00000000 ____D () C:\SUPERDelete
    2014-11-08 14:45 - 2014-11-08 14:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-11-08 14:30 - 2014-11-08 14:43 - 20210824 _____ (SUPERAntiSpyware) C:\Users\dave\Downloads\SUPERAntiSpyware.exe
    2014-11-06 23:21 - 2014-11-06 23:21 - 00000000 ____D () C:\Windows\XSxS
    2014-11-06 23:21 - 2014-11-06 23:21 - 00000000 ____D () C:\Share
    2014-11-06 11:54 - 2014-12-03 11:54 - 00000506 _____ () C:\Windows\Tasks\VerifiedVPN_NMDInUseCheck.job
    2014-11-06 11:54 - 2014-11-06 13:14 - 00000000 ____D () C:\Users\dave\AppData\Local\VerifiedVPN
    2014-11-05 12:40 - 2014-11-05 12:40 - 00000000 ____D () C:\Users\dave\AppData\Roaming\YoudaGames
    2014-11-05 11:58 - 2014-12-02 10:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Rovio

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-05 08:59 - 2014-12-05 08:59 - 00000000 ____D () C:\FRST
    2014-12-05 08:58 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-05 08:58 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-05 08:57 - 2014-12-05 08:57 - 01110016 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
    2014-12-05 08:56 - 2014-10-28 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-05 08:55 - 2014-10-16 06:38 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-05 08:51 - 2014-12-01 16:29 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-05 08:50 - 2014-12-02 12:12 - 00004728 _____ () C:\Windows\PFRO.log
    2014-12-05 08:50 - 2014-12-02 12:12 - 00000224 _____ () C:\Windows\setupact.log
    2014-12-05 08:50 - 2014-11-10 07:56 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-05 08:50 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-05 08:49 - 2014-11-10 07:56 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-05 08:49 - 2014-10-31 00:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000UA.job
    2014-12-05 00:10 - 2014-10-17 04:57 - 00000621 _____ () C:\Users\dave\Desktop\Arcade Game 2012.lnk
    2014-12-05 00:00 - 2014-11-10 17:30 - 00000000 ____D () C:\ProgramData\gamehouse
    2014-12-04 23:33 - 2014-12-04 23:33 - 00000000 ____D () C:\ProgramData\Trymedia
    2014-12-04 14:17 - 2014-12-04 14:16 - 03522512 _____ (DVDVideoSoft Ltd. ) C:\Users\dave\Downloads\FreeVideoToMP3Converter.exe
    2014-12-04 12:47 - 2014-10-31 00:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000Core.job
    2014-12-04 12:40 - 2014-12-04 12:40 - 00001270 _____ () C:\Users\Public\Desktop\herdProtect.lnk
    2014-12-04 12:40 - 2014-12-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
    2014-12-04 12:40 - 2014-12-04 12:40 - 00000000 ____D () C:\Program Files\Reason
    2014-12-04 12:40 - 2014-12-04 12:38 - 02515504 _____ (Reason Company Software Inc.) C:\Users\dave\Downloads\herdProtectScan_Setup.exe
    2014-12-04 11:56 - 2014-10-18 02:31 - 00000000 ____D () C:\AdwCleaner
    2014-12-04 11:51 - 2014-12-04 11:51 - 00001198 _____ () C:\Users\dave\Desktop\adwcleaner_4.103 - Shortcut.lnk
    2014-12-04 09:21 - 2014-12-04 09:18 - 00000000 ____D () C:\sh4ldr
    2014-12-04 09:15 - 2014-12-04 09:15 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    2014-12-04 09:14 - 2014-12-04 09:11 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer (1).exe
    2014-12-04 09:14 - 2014-12-01 16:46 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-12-04 09:13 - 2014-10-18 03:30 - 00000000 ____D () C:\Program Files\Opera
    2014-12-04 08:59 - 2014-12-04 08:57 - 02154496 _____ () C:\Users\dave\Downloads\adwcleaner_4.103.exe
    2014-12-04 08:39 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-03 11:54 - 2014-11-06 11:54 - 00000506 _____ () C:\Windows\Tasks\VerifiedVPN_NMDInUseCheck.job
    2014-12-02 12:32 - 2014-12-02 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio Entertainment Ltd
    2014-12-02 12:12 - 2014-12-02 12:12 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-02 10:12 - 2014-12-02 10:11 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Rovio Entertainment Ltd
    2014-12-02 10:12 - 2014-11-05 11:58 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Rovio
    2014-12-02 10:12 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-02 10:10 - 2014-12-02 10:10 - 96157184 _____ (Rovio Entertainment Ltd.) C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1(2).exe
    2014-12-02 09:47 - 2014-12-02 09:39 - 00000064 _____ () C:\Windows\GPlrLanc.dat
    2014-12-02 09:39 - 2014-12-02 09:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-12-02 08:45 - 2014-12-02 08:45 - 00000604 _____ () C:\Users\dave\Desktop\General Knowledge Quiz.lnk
    2014-12-02 08:45 - 2014-12-02 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\General Knowledge Quiz
    2014-12-02 08:44 - 2014-12-02 08:44 - 02085442 _____ (Justgames.ch ) C:\Users\dave\Downloads\quiz2(1).exe
    2014-12-01 18:38 - 2014-10-28 08:52 - 00000000 ____D () C:\Users\dave\AppData\Local\Adobe
    2014-12-01 18:31 - 2014-10-17 05:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-12-01 18:31 - 2014-10-17 05:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-12-01 18:23 - 2014-12-01 18:23 - 12845501 _____ (Shmehao.com ) C:\Users\dave\Downloads\empires-of-arkeia(1).exe
    2014-12-01 17:57 - 2014-12-01 17:44 - 24785176 _____ () C:\Users\dave\Downloads\MSAoE.exe
    2014-12-01 16:45 - 2014-12-01 16:44 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer.exe
    2014-12-01 16:36 - 2014-12-01 16:29 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-01 16:36 - 2014-12-01 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 12:36 - 2014-10-17 05:14 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-12-01 12:36 - 2014-10-17 05:11 - 00002362 ____H () C:\Users\dave\Desktop\Google Chrome.lnk
    2014-11-30 13:21 - 2014-11-30 13:21 - 00000000 ____D () C:\ProgramData\MumboJumbo
    2014-11-29 18:08 - 2014-11-29 08:28 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Dropbox
    2014-11-29 11:27 - 2014-11-29 11:13 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Realore_Whiterra Roads Of Rome 1.2
    2014-11-29 09:08 - 2014-10-17 05:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-11-29 09:07 - 2014-10-17 05:13 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-11-29 08:35 - 2014-11-29 08:35 - 00000000 ___RD () C:\Users\dave\Dropbox
    2014-11-29 08:35 - 2014-10-16 06:32 - 00000000 ____D () C:\Users\dave
    2014-11-29 08:23 - 2014-10-17 05:12 - 00000000 ____D () C:\ProgramData\Adobe
    2014-11-29 08:18 - 2014-11-29 08:18 - 00002121 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-29 08:18 - 2014-11-29 08:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\AVAST Software
    2014-11-29 08:18 - 2014-11-29 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-29 08:18 - 2014-11-29 08:16 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-11-29 08:17 - 2014-11-29 08:16 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-29 08:16 - 2014-11-29 08:16 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-29 08:16 - 2014-11-29 08:16 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-29 08:10 - 2014-11-29 08:10 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-29 08:10 - 2014-10-20 05:40 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-11-29 08:08 - 2014-11-29 08:08 - 05006864 _____ (AVAST Software) C:\Users\dave\Downloads\avast_free_antivirus_setup_online.exe
    2014-11-28 20:00 - 2014-10-20 05:59 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-11-28 18:18 - 2014-11-28 17:19 - 111868152 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mpam-fe.exe
    2014-11-28 13:46 - 2014-11-28 13:46 - 00000477 _____ () C:\Users\dave\Desktop\System - Shortcut.lnk
    2014-11-26 19:12 - 2014-11-26 19:07 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Islands
    2014-11-26 14:16 - 2014-11-10 17:50 - 00000081 _____ () C:\Users\dave\Documents\Lords.txt
    2014-11-24 14:04 - 2014-10-20 06:07 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-11-20 09:59 - 2014-11-20 09:59 - 00000906 ____R () C:\Users\dave\Documents\BitLocker Recovery Key 924DDCAE-D98A-41F2-B78A-E4C1A847671A.txt
    2014-11-16 18:18 - 2014-10-17 05:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-11-12 09:23 - 2014-11-12 09:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-11 13:13 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-11 08:04 - 2014-11-11 08:04 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
    2014-11-11 08:04 - 2014-11-11 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-11-11 08:04 - 2014-11-10 07:56 - 00000000 ____D () C:\Program Files\Google
    2014-11-11 08:04 - 2014-10-17 05:11 - 00000000 ____D () C:\Users\dave\AppData\Local\Google
    2014-11-11 08:01 - 2014-11-11 08:01 - 00880272 _____ (Google Inc.) C:\Users\dave\Downloads\GoogleEarthSetup.exe
    2014-11-10 17:30 - 2014-11-10 17:30 - 00000000 ____D () C:\Users\dave\AppData\Roaming\gamehouse
    2014-11-10 17:21 - 2014-11-10 17:21 - 00000000 ____D () C:\Users\dave\AppData\Roaming\aliasworlds
    2014-11-10 17:21 - 2014-11-10 17:21 - 00000000 ____D () C:\ProgramData\aliasworlds
    2014-11-10 16:14 - 2014-11-10 16:14 - 00001733 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
    2014-11-10 16:14 - 2014-11-09 12:30 - 00001201 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2014-11-10 16:14 - 2014-11-09 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2014-11-10 16:14 - 2014-11-09 12:29 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
    2014-11-10 16:14 - 2014-11-09 12:28 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DVDVideoSoft
    2014-11-10 15:45 - 2014-11-10 15:42 - 09120817 _____ (www.easy-video-converter.com ) C:\Users\dave\Downloads\videoconverter.exe
    2014-11-10 15:18 - 2014-11-10 14:58 - 00000000 ____D () C:\Windows\system32\directx
    2014-11-10 15:09 - 2014-10-17 05:39 - 00000000 ____D () C:\Program Files\Microsoft.NET
    2014-11-10 14:58 - 2014-11-10 14:57 - 00887896 _____ (Microsoft Corporation) C:\Users\dave\Downloads\dotNetFx40_Client_setup.exe
    2014-11-10 14:57 - 2014-11-10 14:57 - 00292184 _____ (Microsoft Corporation) C:\Users\dave\Downloads\dxwebsetup.exe
    2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ____D () C:\Users\dave\Documents\Freemake
    2014-11-10 14:52 - 2014-11-10 14:50 - 32799424 _____ (Any-Video-Converter.com ) C:\Users\dave\Downloads\avc-setup-5.7.3.exe
    2014-11-10 14:36 - 2014-11-10 14:36 - 00000000 ____D () C:\Users\dave\AppData\Roaming\MPC-HC
    2014-11-10 14:33 - 2014-11-10 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2014-11-10 14:32 - 2014-11-10 14:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
    2014-11-10 14:18 - 2014-11-10 14:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\rmi
    2014-11-10 07:55 - 2014-11-10 07:55 - 00000733 _____ () C:\Users\dave\Desktop\MiniToolBox - Shortcut.lnk
    2014-11-10 07:55 - 2014-11-10 07:55 - 00000680 _____ () C:\Users\dave\Desktop\FRST - Shortcut.lnk
    2014-11-09 18:41 - 2014-11-09 18:41 - 00002087 _____ () C:\Windows\system32\ipconfig_results.txt
    2014-11-09 18:32 - 2014-11-09 18:27 - 04436793 _____ (VPN in Touch ) C:\Users\dave\Downloads\VIT_Desktop.exe
    2014-11-09 18:14 - 2014-11-09 18:14 - 00026208 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0119.sys
    2014-11-09 18:10 - 2014-11-09 18:10 - 00133688 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2014-11-09 14:00 - 2014-11-09 14:00 - 00000000 ____D () C:\Users\dave\AppData\Roaming\RealArcade
    2014-11-09 12:31 - 2014-11-09 12:31 - 00000000 ____D () C:\Users\dave\AppData\Local\DVDVideoSoft_Ltd
    2014-11-09 12:30 - 2014-11-09 12:30 - 00001728 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk
    2014-11-08 18:15 - 2014-11-08 18:15 - 00000000 ____D () C:\ProgramData\Enkord
    2014-11-08 18:14 - 2014-11-08 18:14 - 00000017 _____ () C:\Windows\popcinfo.dat
    2014-11-08 17:55 - 2014-11-08 17:55 - 00004096 _____ () C:\Windows\d3dx.dat
    2014-11-08 15:31 - 2014-11-08 15:31 - 00000569 _____ () C:\Users\dave\Desktop\File Shredder.lnk
    2014-11-08 15:31 - 2014-11-08 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
    2014-11-08 15:30 - 2014-11-08 15:29 - 02317839 _____ (PowTools ) C:\Users\dave\Downloads\file_shredder_setup(1).exe
    2014-11-08 15:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
    2014-11-08 15:04 - 2014-11-08 14:47 - 00000000 ____D () C:\SUPERDelete
    2014-11-08 14:45 - 2014-11-08 14:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-11-08 14:43 - 2014-11-08 14:30 - 20210824 _____ (SUPERAntiSpyware) C:\Users\dave\Downloads\SUPERAntiSpyware.exe
    2014-11-08 13:35 - 2014-10-18 02:46 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
    2014-11-08 13:35 - 2014-10-18 02:45 - 00000494 _____ () C:\Users\dave\Desktop\Should I Remove It.lnk
    2014-11-08 13:35 - 2014-10-18 02:45 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2014-11-08 13:32 - 2014-10-18 01:48 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Adobe
    2014-11-08 12:41 - 2014-10-17 05:14 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-08 12:22 - 2014-10-16 06:34 - 00001417 _____ () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-11-07 13:08 - 2014-10-20 10:59 - 00000408 _____ () C:\Users\dave\AppData\Roaming\CamShapes.ini
    2014-11-07 13:08 - 2014-10-20 10:59 - 00000408 _____ () C:\Users\dave\AppData\Roaming\CamLayout.ini
    2014-11-07 13:08 - 2014-10-20 10:59 - 00000096 _____ () C:\Users\dave\AppData\Roaming\Camdata.ini
    2014-11-06 23:21 - 2014-11-06 23:21 - 00000000 ____D () C:\Windows\XSxS
    2014-11-06 23:21 - 2014-11-06 23:21 - 00000000 ____D () C:\Share
    2014-11-06 18:22 - 2014-10-20 10:59 - 00004535 _____ () C:\Users\dave\AppData\Roaming\CamStudio.cfg
    2014-11-06 18:09 - 2014-10-20 10:59 - 00000096 _____ () C:\Users\dave\AppData\Roaming\version2.xml
    2014-11-06 13:14 - 2014-11-06 11:54 - 00000000 ____D () C:\Users\dave\AppData\Local\VerifiedVPN
    2014-11-05 12:40 - 2014-11-05 12:40 - 00000000 ____D () C:\Users\dave\AppData\Roaming\YoudaGames
    2014-11-05 10:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\SchCache

    Some content of TEMP:
    ====================
    C:\Users\dave\AppData\Local\Temp\Quarantine.exe
    C:\Users\dave\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-25 08:43

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
    Ran by dave at 2014-12-05 09:00:48
    Running from D:\
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.303.111 - ALPS ELECTRIC CO., LTD.)
    AMCap (HKLM\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    Free Screen Video Recorder version 2.5.39.1022 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.39.1022 - DVDVideoSoft Ltd.)
    Free Video to MP3 Converter version 5.0.51.1022 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.51.1022 - DVDVideoSoft Ltd.)
    General Knowledge Quiz 1.0 (HKLM\...\General Knowledge Quiz_is1) (Version: - Justgames.ch)
    Google Chrome (HKCU\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
    K-Lite Mega Codec Pack 10.8.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.95 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
    Opera Stable 26.0.1656.32 (HKLM\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
    Privacy Mantra 3.00 (HKLM\...\Privacy Mantra 3.00) (Version: - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Skype™ 6.3 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.3.105 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

    ==================== Restore Points =========================

    01-12-2014 10:47:54 Revo Uninstaller's restore point - Empires of Arkeia
    02-12-2014 01:44:36 Revo Uninstaller's restore point - Free Ride Games Player
    02-12-2014 01:48:18 Revo Uninstaller's restore point - Free Ride Games Player
    02-12-2014 04:29:32 Revo Uninstaller's restore point - Angry Birds Seasons
    04-12-2014 01:35:45 Revo Uninstaller's restore point - SpyHunter 4
    04-12-2014 05:06:59 herdProtect before 15 removals

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {34E0DC84-A3A3-4601-BCFE-E685EA9ABAA4} - System32\Tasks\VerifiedVPN_NMDInUseCheck => C:\Users\dave\AppData\Local\VerifiedVPN\NMD\uninstall.exe
    Task: {3C5DC9D2-DF3F-4B21-A54B-31DC160AE6D0} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-07] ()
    Task: {5B36BF17-D328-4B0D-85FE-6D89C99686ED} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {5E09CECA-5EEE-4E99-9E89-8E458E4DD62F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
    Task: {66F7B84F-1EC1-4020-BE31-9FFB7327B32D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {87975931-7B6E-410D-AFCA-3D570A6B9657} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-01] (Adobe Systems Incorporated)
    Task: {950F8A29-5548-40BA-9DDB-D24ABD1E5B23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000UA => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {9EB15C21-F83B-4DC7-BB7F-597FED88C66B} - System32\Tasks\ShouldIRemoveIt_Notifications => D:\ShouldIRemoveIt.exe [2014-09-04] (Reason Software Company Inc.)
    Task: {A3C5744E-9DD6-4407-B5DC-EC0016A3F6CB} - System32\Tasks\{C1D77027-8B9D-40B5-BE63-1BDA3AE78AD8} => C:\Users\dave\Downloads\mpam-fe.exe [2014-11-28] (Microsoft Corporation)
    Task: {A6FE9396-0DBB-4155-8C55-317A525D1859} - System32\Tasks\{E8F86E01-B74A-435B-86C4-C1C52CC8876E} => C:\Program Files\CamStudio 2.7\Recorder.exe
    Task: {A8C17B43-744F-4DF8-A0C2-032938E3F50A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
    Task: {ADC4EB03-C82C-41A5-AC73-B13F7B52EC83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000Core => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {AE471C8F-446C-4228-83B3-9C91EA7F4B72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-29] (AVAST Software)
    Task: {B247E1ED-8FCB-42D6-AF63-DB5944AB5091} - System32\Tasks\{77049E04-1801-4EA4-96DB-ADD9D4C8931B} => C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
    Task: {DAB34838-F00A-40AD-8A1E-5BA19B5B46F7} - System32\Tasks\Opera scheduled Autoupdate 1413574241 => C:\Program Files\Opera\launcher.exe [2014-11-25] (Opera Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000Core.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000UA.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\VerifiedVPN_NMDInUseCheck.job => C:\Users\dave\AppData\Local\VerifiedVPN\NMD\uninstall.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-04 09:03 - 2014-12-04 09:03 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120301\algo.dll
    2014-12-05 08:53 - 2014-12-05 08:53 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120401\algo.dll
    2014-11-29 08:16 - 2014-11-29 08:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 01077064 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 00211272 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 09009480 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 01677128 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: wuauserv => 2
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: BAPIDRV
    Description: BAPIDRV
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: BAPIDRV
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/04/2014 09:35:43 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {4b2cde67-ea4f-4966-9abf-8cf5486afe49}

    Error: (12/02/2014 00:29:31 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {381dd7d2-4552-4d64-a25e-e54e65e95b02}

    Error: (12/02/2014 09:48:17 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {30c1909a-7c52-4866-ae1d-fb80da7e7cc5}

    Error: (12/02/2014 09:47:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Free Ride Games.exe version 1.0.1.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d90

    Start Time: 01d00dd1de20a33a

    Termination Time: 0

    Application Path: C:\Users\dave\AppData\Local\Temp\SDM143\Free Ride Games.exe

    Report Id:

    Error: (12/02/2014 09:44:35 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {30c1909a-7c52-4866-ae1d-fb80da7e7cc5}

    Error: (12/02/2014 08:34:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AngryBirdsSeasonsInstaller_4.0.1.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 16ec

    Start Time: 01d00dc78b9f9936

    Termination Time: 15

    Application Path: C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1.exe

    Report Id:

    Error: (12/02/2014 08:32:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AngryBirdsSeasonsInstaller_4.0.1.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1554

    Start Time: 01d00dc6a10c7742

    Termination Time: 0

    Application Path: C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1.exe

    Report Id:

    Error: (12/01/2014 06:47:53 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {30c1909a-7c52-4866-ae1d-fb80da7e7cc5}

    Error: (12/01/2014 05:52:39 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bb550d37-d046-4e08-abc6-32efbc5d4394}

    Error: (12/01/2014 10:30:15 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {1fbcfe74-1b32-4e9b-86c6-d86dc6c4e1cb}


    System errors:
    =============
    Error: (12/05/2014 06:11:07 AM) (Source: volmgr) (EventID: 45) (User: )
    Description: The system could not sucessfully load the crash dump driver.

    Error: (12/04/2014 02:19:47 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
    this computer.

    Error: (12/04/2014 02:19:47 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
    this computer.

    Error: (12/04/2014 02:19:47 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9730DD37-AE5F-49A1-8244-DAE8653142E5} because another computer on the network has the same name. The server could not start.

    Error: (12/04/2014 01:31:45 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
    this computer.

    Error: (12/04/2014 01:31:45 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
    this computer.

    Error: (12/04/2014 01:31:45 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9730DD37-AE5F-49A1-8244-DAE8653142E5} because another computer on the network has the same name. The server could not start.

    Error: (12/04/2014 00:19:33 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
    this computer.

    Error: (12/04/2014 00:19:33 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.101 did not allow the name to be claimed by
    this computer.

    Error: (12/04/2014 00:19:33 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9730DD37-AE5F-49A1-8244-DAE8653142E5} because another computer on the network has the same name. The server could not start.


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 48%
    Total physical RAM: 1977.98 MB
    Available physical RAM: 1009.64 MB
    Total Pagefile: 3955.95 MB
    Available Pagefile: 2544.96 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1894.07 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:99.97 GB) (Free:75.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:132.81 GB) (Free:125.44 GB) NTFS
    Drive f: () (Removable) (Total:7.28 GB) (Free:7.21 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CE6DCE6D)
    Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=132.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 7.3 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
    Last edited by a moderator: Dec 5, 2014
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Dave,

    Unfortunately the copy of FRST that you ran is very old:
    Plus you are running it from the D drive.
    Yes it will run from the D drive, but it will cause problems when trying to run a fix.

    Also please explain why this system is so far out of date:
    No SP1 and IE8??

    We can try and sort this, but the system has so many security holes..... nothing is guaranteed.

    Please remove your copy of FRST and download and run a fresh copy using these instructions:

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
    • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator

    • When the tool opens click Yes to disclaimer.

    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

    Please post both reports.

    Thanks
     
  5. daveleonard

    I already had FRST on my PC from the last time I had a problem. Not knowing it would be out of date, I used it. Sorry. Reports will be there shortly.
     
  6. daveleonard

    Ok reports are done. Thanks.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2014
    Ran by dave (administrator) on DAVE-PC on 06-12-2014 09:16:07
    Running from C:\Users\dave\Downloads
    Loaded Profiles: dave & (Available profiles: dave)
    Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Reason Software Company Inc.) D:\ShouldIRemoveIt.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
    (Farbar) C:\Users\dave\Downloads\FRST(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-01-23] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [255344 2011-01-21] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2422512 2013-10-01] (Synaptics Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-29] (AVAST Software)
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Run: [Google Update] => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-31] (Google Inc.)
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Run: [GoogleChromeAutoLaunch_86435EA0F6DA4FA63391EC6FBC88C7D2] => C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-31] (Google Inc.)
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_86435EA0F6DA4FA63391EC6FBC88C7D2] => C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
    Startup: C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com/?fr=hp-avast&type=avastbcl
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\2znzxkro.default
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1394844423-3040098348-1389167094-1000: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1394844423-3040098348-1389167094-1000: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-29]
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF Extension: No Name - wrc@avast.com [Not Found]
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ir_14_48_ff&cd=2XzuyEtN2Y1L1QzutDtD0F0F0D0A0FyB0CyEzz0EyB0D0B0BtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StBtDzzyEtAyBtB0CtG0EtD0D0FtG0CyEzy0AtGyEzzyD0BtGyE0A0B0AyBtCtB0A0FtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0BtBtDyC0FyC0AtG0FtCtBzytGyEyDzzzytG0B0Czz0AtGyEyCyEtA0A0EtDtDyEtDyB0E2Q&cr=2108094777&ir=
    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_14_48_ff&cd=2XzuyEtN2Y1L1QzutDtD0F0F0D0A0FyB0CyEzz0EyB0D0B0BtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StBtDzzyEtAyBtB0CtG0EtD0D0FtG0CyEzy0AtGyEzzyD0BtGyE0A0B0AyBtCtB0A0FtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0BtBtDyC0FyC0AtG0FtCtBzytGyEyDzzzytG0B0Czz0AtGyEyCyEtA0A0EtDtDyEtDyB0E2Q&cr=2108094777&ir=", "hxxp://www.yahoosearch.com/", "https://www.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Angry Birds) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-10-18]
    CHR Extension: (Google Docs) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
    CHR Extension: (Google Drive) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-31]
    CHR Extension: (YouTube) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
    CHR Extension: (Snail Bob) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\boojbpjmnagikjmogdflhibdljlpjmob [2014-10-18]
    CHR Extension: (Google Search) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
    CHR Extension: (Dress Up Games for Girls - Wedding Dress) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhliedfecmflammfejglhcadhclcnlph [2014-10-18]
    CHR Extension: (ZenMate) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-11-09]
    CHR Extension: (Snail Bob 3) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkgbmagflnkghiegfflnhmcnepeiijjl [2014-10-18]
    CHR Extension: (Girl Games - Play Girls Games Online) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhnlfnigjjkiphcnbnpedcpfoggjhba [2014-10-18]
    CHR Extension: (Avast Online Security) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-30]
    CHR Extension: (Google Wallet) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-18]
    CHR Extension: (Snail Bob 4) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdgohcjheplphhjkngpcjpdcmpbfcl [2014-10-18]
    CHR Extension: (Girl Games) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcceoncgjofiikkkkdobbaagbohdpcfm [2014-10-18]
    CHR Extension: (Vintage Cartoons) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pginbngjpgkcgghffjhibdnkmlkkcgfk [2014-10-18]
    CHR Extension: (Gmail) - C:\Users\dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-29]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-29] (AVAST Software)
    R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-29] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-29] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-29] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-29] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-29] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-29] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-29] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-29] ()
    R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3254784 2014-01-09] (Qualcomm Atheros Communications, Inc.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2014-12-04] ()
    R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-06] (Intel Corporation)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-06] (Intel Corporation)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2013-07-18] (Qualcomm Atheros Co., Ltd.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-05] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
    R3 Neo_SoftEtherVPN; C:\Windows\System32\DRIVERS\Neo_0119.sys [26208 2014-11-09] (SoftEther VPN Project at University of Tsukuba, Japan.)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799808 2008-12-29] ()
    R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-08-03] (The OpenVPN Project)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S3 tapSF0901; system32\DRIVERS\tapSF0901.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-06 09:16 - 2014-12-06 09:16 - 00018603 _____ () C:\Users\dave\Downloads\FRST.txt
    2014-12-06 09:14 - 2014-12-06 09:15 - 01110016 _____ (Farbar) C:\Users\dave\Downloads\FRST(1).exe
    2014-12-05 09:44 - 2014-12-05 09:44 - 00000055 _____ () C:\AdwCleanerDebug.txt
    2014-12-05 09:40 - 2014-12-05 09:43 - 02153472 _____ () C:\Users\dave\Downloads\adwcleaner_4.104.exe
    2014-12-05 09:01 - 2014-12-05 09:49 - 00000000 ____D () C:\Users\dave\Documents\Vosteran Virus
    2014-12-05 08:59 - 2014-12-06 09:16 - 00000000 ____D () C:\FRST
    2014-12-05 08:57 - 2014-12-05 08:57 - 01110016 _____ (Farbar) C:\Users\dave\Downloads\FRST.exe
    2014-12-04 12:40 - 2014-12-04 12:40 - 00001270 _____ () C:\Users\Public\Desktop\herdProtect.lnk
    2014-12-04 12:40 - 2014-12-04 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
    2014-12-04 12:40 - 2014-12-04 12:40 - 00000000 ____D () C:\Program Files\Reason
    2014-12-04 12:38 - 2014-12-04 12:40 - 02515504 _____ (Reason Company Software Inc.) C:\Users\dave\Downloads\herdProtectScan_Setup.exe
    2014-12-04 11:51 - 2014-12-04 11:51 - 00001198 _____ () C:\Users\dave\Desktop\adwcleaner_4.103 - Shortcut.lnk
    2014-12-04 09:18 - 2014-12-04 09:21 - 00000000 ____D () C:\sh4ldr
    2014-12-04 09:15 - 2014-12-04 09:15 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    2014-12-04 09:11 - 2014-12-04 09:14 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer (1).exe
    2014-12-02 12:12 - 2014-12-05 09:49 - 00005278 _____ () C:\Windows\PFRO.log
    2014-12-02 12:12 - 2014-12-05 09:49 - 00000280 _____ () C:\Windows\setupact.log
    2014-12-02 12:12 - 2014-12-02 12:12 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-02 10:11 - 2014-12-02 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio Entertainment Ltd
    2014-12-02 10:11 - 2014-12-02 10:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Rovio Entertainment Ltd
    2014-12-02 10:10 - 2014-12-02 10:10 - 96157184 _____ (Rovio Entertainment Ltd.) C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1(2).exe
    2014-12-02 09:39 - 2014-12-02 09:47 - 00000064 _____ () C:\Windows\GPlrLanc.dat
    2014-12-02 09:39 - 2014-12-02 09:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-12-02 08:45 - 2014-12-02 08:45 - 00000604 _____ () C:\Users\dave\Desktop\General Knowledge Quiz.lnk
    2014-12-02 08:45 - 2014-12-02 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\General Knowledge Quiz
    2014-12-02 08:44 - 2014-12-02 08:44 - 02085442 _____ (Justgames.ch ) C:\Users\dave\Downloads\quiz2(1).exe
    2014-12-01 18:23 - 2014-12-01 18:23 - 12845501 _____ (Shmehao.com ) C:\Users\dave\Downloads\empires-of-arkeia(1).exe
    2014-12-01 17:44 - 2014-12-01 17:57 - 24785176 _____ () C:\Users\dave\Downloads\MSAoE.exe
    2014-12-01 16:46 - 2014-12-04 09:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-12-01 16:44 - 2014-12-01 16:45 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer.exe
    2014-12-01 16:29 - 2014-12-05 16:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-01 16:29 - 2014-12-05 09:08 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-01 16:29 - 2014-12-05 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-01 16:29 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-01 16:29 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-01 16:29 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-30 13:21 - 2014-11-30 13:21 - 00000000 ____D () C:\ProgramData\MumboJumbo
    2014-11-29 11:13 - 2014-11-29 11:27 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Realore_Whiterra Roads Of Rome 1.2
    2014-11-29 08:35 - 2014-11-29 08:35 - 00000000 ___RD () C:\Users\dave\Dropbox
    2014-11-29 08:28 - 2014-11-29 18:08 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Dropbox
    2014-11-29 08:18 - 2014-11-29 08:18 - 00002121 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-29 08:18 - 2014-11-29 08:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\AVAST Software
    2014-11-29 08:18 - 2014-11-29 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-29 08:16 - 2014-11-29 08:18 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-11-29 08:16 - 2014-11-29 08:17 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-29 08:16 - 2014-11-29 08:16 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-29 08:16 - 2014-11-29 08:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-29 08:16 - 2014-11-29 08:16 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-29 08:10 - 2014-11-29 08:10 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-29 08:08 - 2014-11-29 08:08 - 05006864 _____ (AVAST Software) C:\Users\dave\Downloads\avast_free_antivirus_setup_online.exe
    2014-11-28 17:19 - 2014-11-28 18:18 - 111868152 _____ (Microsoft Corporation) C:\Users\dave\Downloads\mpam-fe.exe
    2014-11-28 13:46 - 2014-11-28 13:46 - 00000477 _____ () C:\Users\dave\Desktop\System - Shortcut.lnk
    2014-11-26 19:07 - 2014-11-26 19:12 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Islands
    2014-11-20 09:59 - 2014-11-20 09:59 - 00000906 ____R () C:\Users\dave\Documents\BitLocker Recovery Key 924DDCAE-D98A-41F2-B78A-E4C1A847671A.txt
    2014-11-12 09:23 - 2014-11-12 09:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-11-11 08:04 - 2014-11-11 08:04 - 00002170 _____ () C:\Users\Public\Desktop\Google Earth.lnk
    2014-11-11 08:04 - 2014-11-11 08:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-11-11 08:01 - 2014-11-11 08:01 - 00880272 _____ (Google Inc.) C:\Users\dave\Downloads\GoogleEarthSetup.exe
    2014-11-10 17:50 - 2014-11-26 14:16 - 00000081 _____ () C:\Users\dave\Documents\Lords.txt
    2014-11-10 17:30 - 2014-12-05 00:00 - 00000000 ____D () C:\ProgramData\gamehouse
    2014-11-10 17:30 - 2014-11-10 17:30 - 00000000 ____D () C:\Users\dave\AppData\Roaming\gamehouse
    2014-11-10 17:21 - 2014-11-10 17:21 - 00000000 ____D () C:\Users\dave\AppData\Roaming\aliasworlds
    2014-11-10 17:21 - 2014-11-10 17:21 - 00000000 ____D () C:\ProgramData\aliasworlds
    2014-11-10 16:14 - 2014-11-10 16:14 - 00001733 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
    2014-11-10 15:48 - 2008-10-08 10:16 - 00139264 _____ (http://www.xvid.org) C:\Windows\system32\xvid.ax
    2014-11-10 15:42 - 2014-11-10 15:45 - 09120817 _____ (www.easy-video-converter.com ) C:\Users\dave\Downloads\videoconverter.exe
    2014-11-10 15:18 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2014-11-10 15:18 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2014-11-10 15:18 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2014-11-10 15:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2014-11-10 15:18 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2014-11-10 15:18 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2014-11-10 15:18 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2014-11-10 15:18 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2014-11-10 15:18 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2014-11-10 15:18 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2014-11-10 15:18 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2014-11-10 15:18 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2014-11-10 15:18 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2014-11-10 15:18 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2014-11-10 15:18 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2014-11-10 15:18 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2014-11-10 15:18 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2014-11-10 15:18 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2014-11-10 15:18 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2014-11-10 15:18 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2014-11-10 15:18 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2014-11-10 15:18 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2014-11-10 15:18 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2014-11-10 15:18 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2014-11-10 15:18 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2014-11-10 15:18 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2014-11-10 15:18 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2014-11-10 15:18 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2014-11-10 15:18 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2014-11-10 15:18 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2014-11-10 15:18 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2014-11-10 15:18 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2014-11-10 15:18 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2014-11-10 15:18 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2014-11-10 15:18 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2014-11-10 15:18 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2014-11-10 15:18 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2014-11-10 15:18 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2014-11-10 15:18 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2014-11-10 15:18 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2014-11-10 15:18 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2014-11-10 15:18 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2014-11-10 15:18 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2014-11-10 15:18 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2014-11-10 15:18 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2014-11-10 15:18 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2014-11-10 15:18 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2014-11-10 15:18 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2014-11-10 15:18 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2014-11-10 15:18 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2014-11-10 15:18 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2014-11-10 15:17 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2014-11-10 15:17 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2014-11-10 15:17 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2014-11-10 15:17 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2014-11-10 15:17 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2014-11-10 15:17 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2014-11-10 15:17 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2014-11-10 15:17 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2014-11-10 15:17 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2014-11-10 15:17 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2014-11-10 15:17 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2014-11-10 15:17 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2014-11-10 15:17 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2014-11-10 15:17 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2014-11-10 15:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2014-11-10 15:17 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2014-11-10 15:17 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2014-11-10 15:17 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2014-11-10 15:17 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2014-11-10 15:17 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2014-11-10 15:17 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2014-11-10 15:17 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2014-11-10 15:17 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2014-11-10 15:17 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2014-11-10 15:17 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
    2014-11-10 14:59 - 2009-11-26 03:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
    2014-11-10 14:59 - 2009-11-26 03:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
    2014-11-10 14:58 - 2014-11-10 15:18 - 00000000 ____D () C:\Windows\system32\directx
    2014-11-10 14:57 - 2014-11-10 14:58 - 00887896 _____ (Microsoft Corporation) C:\Users\dave\Downloads\dotNetFx40_Client_setup.exe
    2014-11-10 14:57 - 2014-11-10 14:57 - 00292184 _____ (Microsoft Corporation) C:\Users\dave\Downloads\dxwebsetup.exe
    2014-11-10 14:55 - 2014-11-10 14:55 - 00000000 ____D () C:\Users\dave\Documents\Freemake
    2014-11-10 14:50 - 2014-11-10 14:52 - 32799424 _____ (Any-Video-Converter.com ) C:\Users\dave\Downloads\avc-setup-5.7.3.exe
    2014-11-10 14:36 - 2014-11-10 14:36 - 00000000 ____D () C:\Users\dave\AppData\Roaming\MPC-HC
    2014-11-10 14:33 - 2014-11-10 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2014-11-10 14:33 - 2014-07-23 02:50 - 03510784 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
    2014-11-10 14:33 - 2011-12-08 01:32 - 00216064 _____ ( ) C:\Windows\system32\lagarith.dll
    2014-11-10 14:33 - 2009-09-29 20:57 - 00758018 _____ () C:\Windows\system32\xvidcore.dll
    2014-11-10 14:33 - 2008-12-04 21:46 - 00180224 _____ () C:\Windows\system32\xvidvfw.dll
    2014-11-10 14:32 - 2014-11-10 14:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
    2014-11-10 14:32 - 2014-10-07 02:00 - 00112640 _____ () C:\Windows\system32\ff_vfw.dll
    2014-11-10 14:32 - 2014-06-14 22:03 - 00218200 _____ () C:\Windows\system32\unrar.dll
    2014-11-10 14:32 - 2012-07-21 18:54 - 00122880 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
    2014-11-10 14:18 - 2014-11-10 14:18 - 00000000 ____D () C:\Users\dave\AppData\Roaming\rmi
    2014-11-10 07:56 - 2014-12-06 09:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-10 07:56 - 2014-12-06 09:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-10 07:56 - 2014-11-11 08:04 - 00000000 ____D () C:\Program Files\Google
    2014-11-10 07:55 - 2014-11-10 07:55 - 00000733 _____ () C:\Users\dave\Desktop\MiniToolBox - Shortcut.lnk
    2014-11-09 18:41 - 2014-11-09 18:41 - 00002087 _____ () C:\Windows\system32\ipconfig_results.txt
    2014-11-09 18:41 - 2013-08-03 07:06 - 00026624 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2014-11-09 18:27 - 2014-11-09 18:32 - 04436793 _____ (VPN in Touch ) C:\Users\dave\Downloads\VIT_Desktop.exe
    2014-11-09 18:14 - 2014-11-09 18:14 - 00026208 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\Drivers\Neo_0119.sys
    2014-11-09 18:10 - 2014-11-09 18:10 - 00133688 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2014-11-09 14:00 - 2014-11-09 14:00 - 00000000 ____D () C:\Users\dave\AppData\Roaming\RealArcade
    2014-11-09 12:31 - 2014-11-09 12:31 - 00000000 ____D () C:\Users\dave\AppData\Local\DVDVideoSoft_Ltd
    2014-11-09 12:30 - 2014-11-10 16:14 - 00001201 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
    2014-11-09 12:30 - 2014-11-10 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    2014-11-09 12:30 - 2014-11-09 12:30 - 00001728 _____ () C:\Users\Public\Desktop\Free Screen Video Recorder.lnk
    2014-11-09 12:29 - 2014-11-10 16:14 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
    2014-11-09 12:28 - 2014-11-10 16:14 - 00000000 ____D () C:\Users\dave\AppData\Roaming\DVDVideoSoft
    2014-11-08 18:15 - 2014-11-08 18:15 - 00000000 ____D () C:\ProgramData\Enkord
    2014-11-08 18:14 - 2014-11-08 18:14 - 00000017 _____ () C:\Windows\popcinfo.dat
    2014-11-08 17:55 - 2014-11-08 17:55 - 00004096 _____ () C:\Windows\d3dx.dat
    2014-11-08 15:31 - 2014-11-08 15:31 - 00000569 _____ () C:\Users\dave\Desktop\File Shredder.lnk
    2014-11-08 15:31 - 2014-11-08 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
    2014-11-08 15:29 - 2014-11-08 15:30 - 02317839 _____ (PowTools ) C:\Users\dave\Downloads\file_shredder_setup(1).exe
    2014-11-08 14:47 - 2014-11-08 15:04 - 00000000 ____D () C:\SUPERDelete
    2014-11-08 14:45 - 2014-11-08 14:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-11-08 14:30 - 2014-11-08 14:43 - 20210824 _____ (SUPERAntiSpyware) C:\Users\dave\Downloads\SUPERAntiSpyware.exe
    2014-11-06 23:21 - 2014-11-06 23:21 - 00000000 ____D () C:\Windows\XSxS
    2014-11-06 23:21 - 2014-11-06 23:21 - 00000000 ____D () C:\Share
    2014-11-06 11:54 - 2014-12-03 11:54 - 00000506 _____ () C:\Windows\Tasks\VerifiedVPN_NMDInUseCheck.job
    2014-11-06 11:54 - 2014-11-06 13:14 - 00000000 ____D () C:\Users\dave\AppData\Local\VerifiedVPN

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-06 09:07 - 2014-10-31 00:36 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000UA.job
    2014-12-06 09:06 - 2014-10-28 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-05 17:32 - 2014-10-17 04:57 - 00000621 _____ () C:\Users\dave\Desktop\Arcade Game 2012.lnk
    2014-12-05 16:09 - 2014-10-31 00:36 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000Core.job
    2014-12-05 16:02 - 2014-10-16 06:38 - 00730320 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-05 09:57 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-05 09:57 - 2009-07-14 12:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-05 09:49 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-05 09:48 - 2014-10-18 02:31 - 00000000 ____D () C:\AdwCleaner
    2014-12-04 09:13 - 2014-10-18 03:30 - 00000000 ____D () C:\Program Files\Opera
    2014-12-04 08:39 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-02 10:12 - 2014-11-05 11:58 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Rovio
    2014-12-02 10:12 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-01 18:38 - 2014-10-28 08:52 - 00000000 ____D () C:\Users\dave\AppData\Local\Adobe
    2014-12-01 18:31 - 2014-10-17 05:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-12-01 18:31 - 2014-10-17 05:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-12-01 12:36 - 2014-10-17 05:14 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-12-01 12:36 - 2014-10-17 05:11 - 00002362 ____H () C:\Users\dave\Desktop\Google Chrome.lnk
    2014-11-29 09:08 - 2014-10-17 05:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-11-29 09:07 - 2014-10-17 05:13 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-11-29 08:35 - 2014-10-16 06:32 - 00000000 ____D () C:\Users\dave
    2014-11-29 08:23 - 2014-10-17 05:12 - 00000000 ____D () C:\ProgramData\Adobe
    2014-11-29 08:10 - 2014-10-20 05:40 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-11-28 20:00 - 2014-10-20 05:59 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-11-24 14:04 - 2014-10-20 06:07 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-11-16 18:18 - 2014-10-17 05:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-11-11 13:13 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-11 08:04 - 2014-10-17 05:11 - 00000000 ____D () C:\Users\dave\AppData\Local\Google
    2014-11-10 15:09 - 2014-10-17 05:39 - 00000000 ____D () C:\Program Files\Microsoft.NET
    2014-11-08 15:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
    2014-11-08 13:35 - 2014-10-18 02:46 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
    2014-11-08 13:35 - 2014-10-18 02:45 - 00000494 _____ () C:\Users\dave\Desktop\Should I Remove It.lnk
    2014-11-08 13:35 - 2014-10-18 02:45 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2014-11-08 13:32 - 2014-10-18 01:48 - 00000000 ____D () C:\Users\dave\AppData\Roaming\Adobe
    2014-11-08 12:41 - 2014-10-17 05:14 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-11-08 12:22 - 2014-10-16 06:34 - 00001417 _____ () C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-11-07 13:08 - 2014-10-20 10:59 - 00000408 _____ () C:\Users\dave\AppData\Roaming\CamShapes.ini
    2014-11-07 13:08 - 2014-10-20 10:59 - 00000408 _____ () C:\Users\dave\AppData\Roaming\CamLayout.ini
    2014-11-07 13:08 - 2014-10-20 10:59 - 00000096 _____ () C:\Users\dave\AppData\Roaming\Camdata.ini
    2014-11-06 18:22 - 2014-10-20 10:59 - 00004535 _____ () C:\Users\dave\AppData\Roaming\CamStudio.cfg
    2014-11-06 18:09 - 2014-10-20 10:59 - 00000096 _____ () C:\Users\dave\AppData\Roaming\version2.xml

    Some content of TEMP:
    ====================
    C:\Users\dave\AppData\Local\Temp\Quarantine.exe
    C:\Users\dave\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-05 11:57

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2014
    Ran by dave at 2014-12-06 09:17:25
    Running from C:\Users\dave\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.303.111 - ALPS ELECTRIC CO., LTD.)
    AMCap (HKLM\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    Free Screen Video Recorder version 2.5.39.1022 (HKLM\...\Free Screen Video Recorder_is1) (Version: 2.5.39.1022 - DVDVideoSoft Ltd.)
    Free Video to MP3 Converter version 5.0.51.1022 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.51.1022 - DVDVideoSoft Ltd.)
    General Knowledge Quiz 1.0 (HKLM\...\General Knowledge Quiz_is1) (Version: - Justgames.ch)
    Google Chrome (HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Chrome (HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
    K-Lite Mega Codec Pack 10.8.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
    LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.95 - LSI Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
    Opera Stable 26.0.1656.32 (HKLM\...\Opera 26.0.1656.32) (Version: 26.0.1656.32 - Opera Software ASA)
    Privacy Mantra 3.00 (HKLM\...\Privacy Mantra 3.00) (Version: - )
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Should I Remove It (HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Should I Remove It (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Skype™ 6.3 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.3.105 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.17 - Synaptics Incorporated)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

    ==================== Restore Points =========================

    01-12-2014 10:47:54 Revo Uninstaller's restore point - Empires of Arkeia
    02-12-2014 01:44:36 Revo Uninstaller's restore point - Free Ride Games Player
    02-12-2014 01:48:18 Revo Uninstaller's restore point - Free Ride Games Player
    02-12-2014 04:29:32 Revo Uninstaller's restore point - Angry Birds Seasons
    04-12-2014 01:35:45 Revo Uninstaller's restore point - SpyHunter 4
    04-12-2014 05:06:59 herdProtect before 15 removals

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {34E0DC84-A3A3-4601-BCFE-E685EA9ABAA4} - System32\Tasks\VerifiedVPN_NMDInUseCheck => C:\Users\dave\AppData\Local\VerifiedVPN\NMD\uninstall.exe
    Task: {3C5DC9D2-DF3F-4B21-A54B-31DC160AE6D0} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-07] ()
    Task: {5B36BF17-D328-4B0D-85FE-6D89C99686ED} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {5E09CECA-5EEE-4E99-9E89-8E458E4DD62F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
    Task: {87975931-7B6E-410D-AFCA-3D570A6B9657} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-01] (Adobe Systems Incorporated)
    Task: {950F8A29-5548-40BA-9DDB-D24ABD1E5B23} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000UA => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {9EB15C21-F83B-4DC7-BB7F-597FED88C66B} - System32\Tasks\ShouldIRemoveIt_Notifications => D:\ShouldIRemoveIt.exe [2014-09-04] (Reason Software Company Inc.)
    Task: {A3C5744E-9DD6-4407-B5DC-EC0016A3F6CB} - System32\Tasks\{C1D77027-8B9D-40B5-BE63-1BDA3AE78AD8} => C:\Users\dave\Downloads\mpam-fe.exe [2014-11-28] (Microsoft Corporation)
    Task: {A6FE9396-0DBB-4155-8C55-317A525D1859} - System32\Tasks\{E8F86E01-B74A-435B-86C4-C1C52CC8876E} => C:\Program Files\CamStudio 2.7\Recorder.exe
    Task: {A8C17B43-744F-4DF8-A0C2-032938E3F50A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-10] (Google Inc.)
    Task: {ADC4EB03-C82C-41A5-AC73-B13F7B52EC83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000Core => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-31] (Google Inc.)
    Task: {AE471C8F-446C-4228-83B3-9C91EA7F4B72} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-29] (AVAST Software)
    Task: {B247E1ED-8FCB-42D6-AF63-DB5944AB5091} - System32\Tasks\{77049E04-1801-4EA4-96DB-ADD9D4C8931B} => C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
    Task: {DAB34838-F00A-40AD-8A1E-5BA19B5B46F7} - System32\Tasks\Opera scheduled Autoupdate 1413574241 => C:\Program Files\Opera\launcher.exe [2014-11-25] (Opera Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000Core.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1394844423-3040098348-1389167094-1000UA.job => C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\VerifiedVPN_NMDInUseCheck.job => C:\Users\dave\AppData\Local\VerifiedVPN\NMD\uninstall.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-05 08:53 - 2014-12-05 08:53 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120401\algo.dll
    2014-12-06 09:09 - 2014-12-06 09:09 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120502\algo.dll
    2014-08-24 14:54 - 2012-11-09 05:02 - 01752576 _____ () D:\File Shredder\fsshell.dll
    2014-11-29 08:16 - 2014-11-29 08:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 01077064 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 00211272 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 09009480 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 01677128 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
    2014-11-26 07:49 - 2014-11-25 14:39 - 14910280 _____ () C:\Users\dave\AppData\Local\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
    2014-11-12 09:23 - 2014-11-12 09:23 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2014-11-26 12:56 - 2014-12-01 18:31 - 16841392 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: wuauserv => 2
    MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1394844423-3040098348-1389167094-500 - Administrator - Disabled)
    dave (S-1-5-21-1394844423-3040098348-1389167094-1000 - Administrator - Enabled) => C:\Users\dave
    Guest (S-1-5-21-1394844423-3040098348-1389167094-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1394844423-3040098348-1389167094-1002 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: BAPIDRV
    Description: BAPIDRV
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: BAPIDRV
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/04/2014 09:35:43 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {4b2cde67-ea4f-4966-9abf-8cf5486afe49}

    Error: (12/02/2014 00:29:31 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {381dd7d2-4552-4d64-a25e-e54e65e95b02}

    Error: (12/02/2014 09:48:17 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {30c1909a-7c52-4866-ae1d-fb80da7e7cc5}

    Error: (12/02/2014 09:47:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Free Ride Games.exe version 1.0.1.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d90

    Start Time: 01d00dd1de20a33a

    Termination Time: 0

    Application Path: C:\Users\dave\AppData\Local\Temp\SDM143\Free Ride Games.exe

    Report Id:

    Error: (12/02/2014 09:44:35 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {30c1909a-7c52-4866-ae1d-fb80da7e7cc5}

    Error: (12/02/2014 08:34:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AngryBirdsSeasonsInstaller_4.0.1.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 16ec

    Start Time: 01d00dc78b9f9936

    Termination Time: 15

    Application Path: C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1.exe

    Report Id:

    Error: (12/02/2014 08:32:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AngryBirdsSeasonsInstaller_4.0.1.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1554

    Start Time: 01d00dc6a10c7742

    Termination Time: 0

    Application Path: C:\Users\dave\Downloads\AngryBirdsSeasonsInstaller_4.0.1.exe

    Report Id:

    Error: (12/01/2014 06:47:53 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {30c1909a-7c52-4866-ae1d-fb80da7e7cc5}

    Error: (12/01/2014 05:52:39 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {bb550d37-d046-4e08-abc6-32efbc5d4394}

    Error: (12/01/2014 10:30:15 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {1fbcfe74-1b32-4e9b-86c6-d86dc6c4e1cb}


    System errors:
    =============
    Error: (12/06/2014 09:06:50 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (12/06/2014 09:06:34 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.0.102.
    The computer with the IP address 192.168.0.100 did not allow the name to be claimed by
    this computer.

    Error: (12/06/2014 09:06:33 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.0.102.
    The computer with the IP address 192.168.0.100 did not allow the name to be claimed by
    this computer.

    Error: (12/06/2014 09:06:33 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9730DD37-AE5F-49A1-8244-DAE8653142E5} because another computer on the network has the same name. The server could not start.

    Error: (12/05/2014 04:30:33 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.103 did not allow the name to be claimed by
    this computer.

    Error: (12/05/2014 04:30:33 PM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.0.100.
    The computer with the IP address 192.168.0.103 did not allow the name to be claimed by
    this computer.

    Error: (12/05/2014 04:30:33 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9730DD37-AE5F-49A1-8244-DAE8653142E5} because another computer on the network has the same name. The server could not start.

    Error: (12/05/2014 10:42:00 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :20" could not be registered on the interface with IP address 192.168.0.103.
    The computer with the IP address 192.168.0.100 did not allow the name to be claimed by
    this computer.

    Error: (12/05/2014 10:42:00 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "DAVE-PC :0" could not be registered on the interface with IP address 192.168.0.103.
    The computer with the IP address 192.168.0.100 did not allow the name to be claimed by
    this computer.

    Error: (12/05/2014 10:42:00 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9730DD37-AE5F-49A1-8244-DAE8653142E5} because another computer on the network has the same name. The server could not start.


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 66%
    Total physical RAM: 1977.98 MB
    Available physical RAM: 667.95 MB
    Total Pagefile: 3955.95 MB
    Available Pagefile: 1716.29 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1913.28 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:99.97 GB) (Free:75.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:132.81 GB) (Free:125.44 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: CE6DCE6D)
    Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=132.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     

    Last edited by a moderator: Dec 6, 2014
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Dave,

    It doesn't pay to keep tools that we use, after the cleanup has finished.

    One thing you didn't address was this:
    The last time you were helped, you had the SP1 and were running IE11.
    Something must have changed!
    Also: you didn't complete the last cleanup help for this system!

    At least FRST is running from the Download folder now.... we can work with that.

    Step 1
    Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\dave\Downloads.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

    The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

    Step 2
    Please reset Google Chrome
    • Click the Menu option button at the top right of the Google Chrome screen
    • Select Settings.
    • Click Show advanced settings and find the "Reset browser settings" section.
    • Click Reset browser settings.
    • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

    Resetting your browser settings will impact the settings below:

    Default search engine and saved search engines will be reset to their original defaults.
    Homepage button will be hidden and the URL that you previously set will be removed.
    Default startup tabs will be cleared. The browser will show a new tab when you startup or continue where you left off if you're on a Chromebook.
    New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
    Pinned tabs will be unpinned.
    Content settings will be cleared and reset to their installation defaults.
    Cookies and site data will be cleared.
    Extensions and themes will be disabled.

    Step 3
    Download RogueKiller and save it to your Desktop.
    • Close all the running processes (including your AV protection)
    • Double click RogueKiller icon to run the program
      Vista/Win7 users should right click the icon and select Run as Administrator.
    • Wait for the Prescan to finish.
    • Now click the Scan button.
    • Please copy and paste the report in your next reply.
    A copy of the RKreport.txt can be found on your desktop.


    In your next reply, please submit:
    Fixlog.txt
    RKreport.txt


    Thanks.
     

    Attached Files:

  8. daveleonard

    daveleonard Registered Members

    Ok Starbuck, I will try to explain. Yes, something dramatic did change since the last time I was in contact with you. I didn't think it was important since we are now dealing with the current system. I had major problems with the last system. My desktop would go black. My cursor would slow down to the point I could not operate it in a reasonable way. I could not connect to the internet. I took my pc down to the one professional pc tech we have on the island. He suggested to wipe the hard drives and install a different version of win7. I had the original win 7 Starter disks and also the win 7 Ultimate disk. I had been using Win 7 Starter that came with the laptop. The tech put the win 7 ultimate on the pc. It has been working great until this virus showed up in some download I did. Yes, it probably is old as I bought this laptop years ago.
    I have attached the reports you requested. I will uninstall FRST after this is over as you suggested. Thanks
    Also, I got an error message after I ran the Rogue Killer: "plugin container for Firefox has stopped working." I also got an error when I tried to upload the RK Report.fix report: "the uploaded file does not have an allowable extension." I will try to save the file in my documents and go again. If that does not work, I will try to change the extension. Did not work so I will try to copy and paste here.
    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : dave [Administrator]
    Mode : Scan -- Date : 12/07/2014 14:40:59

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Found
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Found
    [PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Found
    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] VerifiedVPN_NMDInUseCheck.job -- C:\Users\dave\AppData\Local\VerifiedVPN\NMD\uninstall.exe (/U:C:\Users\dave\AppData\Local\VERIFI~2\NMD\UNINST~1\UNINST~1.XML) -> Found
    [Suspicious.Path] \\VerifiedVPN_NMDInUseCheck -- C:\Users\dave\AppData\Local\VerifiedVPN\NMD\uninstall.exe (/U:C:\Users\dave\AppData\Local\VERIFI~2\NMD\UNINST~1\UNINST~1.XML) -> Found

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmReleaseContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmGetContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) wtsapi32.dll - ImmGetContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) wtsapi32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) user32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) advapi32.dll - DwmIsCompositionEnabled : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) advapi32.dll - DwmExtendFrameIntoClientArea : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) windowscodecs.dll - DwmExtendFrameIntoClientArea : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) imm32.dll - WINNLSEnableIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) user32.dll - SHCreateItemFromParsingName : Unknown @ 0x0

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ATA ST9250315AS SCSI Disk Device +++++
    --- User ---
    [MBR] dd205f909723c5528f56ccd293bdd17e
    [BSP] 5655fe0ac665599d0e3f8a7e0eed46ca : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102374 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209868800 | Size: 135999 MB
    User = LL1 ... OK
    User = LL2 ... OK

    Ok I guess that worked. I also reset Chrome as you said. Thanks again.
     

    Attached Files:

  9. daveleonard

    daveleonard Registered Members

    One other thing, the reason I still had FRST on the new system is because I ran back up and saved as much stuff as I could to the new os. Thanks.
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Dave,

    Thanks, your explanation makes things clearer now.
    Even with an old system, you should still get the SP1 and the updated IE..... they will come through Windows updates.
    Are the Windows updates turned on?
    Click Start >> Control Panel >> Windows Update

    I can see from the latest FRST report that the fixlist.txt was downloaded to your system..... but the entries that should have been removed are still showing.
    Did you click on the FIX button?
    It's quite common for people to click the scan button by mistake.

    When the fix has been run successfully, some of the entries in the RKreport should be removed automatically.

    Btw:
    you said earlier...
    Obviously it's your choice, but I would never set anything on my systems to Yahoo.
    They get an awful lot of bad press about their security/privacy.
    Most browsers would have a default of Google.
     
  11. daveleonard

    daveleonard Registered Members

    Hello Starbuck, I will make sure updates are turned on.
    With regard to the FRST, looks like I screwed up again. I didn't get the option to save FRST to the desktop so I ran it from downloads. I can move it to the desktop and run it again if you want.
    Yes, I did hit fix the first time but like I said before, see capture attached, when I hit fix I got the message "No fixlist.txt found."
    So I figured there was nothing found to fix. Do you want me to just start over?
    As far as Chrome search is concerned, I went to the settings and found the hijacker there, it had changed my search engine from yahoo to itself. Yes, I did reset Chrome so it should be back to Google now.
     

    Attached Files:

  12. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Dave,

    That is because your browser has the Download folder (instead of the Desktop) set as the default for downloads.
    It's not really a problem as long as all of the FRST downloads end up in the same folder.

    Ok, this is where it gets confusing...........
    The capture says:
    Which is very true.
    Now this is taken from your last FRST scan report:
    It shows that FRST and the fixlist.txt are in the same folder and the fixlist file size matches the fix I uploaded for you.

    Can you open the Download folder and look inside to see if the FRST program and the fixlist are still located there.

    If both are located there.... the fix will run when the fix button is pressed.
    After the fix has run, another file will be added to the Download folder called 'fixlog.txt'..... this is the fix report I need.
    We need to get this fix run before we can continue.

    Thanks
     
  13. daveleonard

    daveleonard Registered Members

    Hello Starbuck. Well then that is the problem. FRST is in download folder and fix is in C, Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\dave\Downloads.
    NOTE.
    I didn't connect the fact that the two need to be together. I will download them both again and leave them on the desktop and run from there. I'll send everything again. Thanks
     
  14. daveleonard

    daveleonard Registered Members

    Hello again Starbuck. Well this time I did get a fixlog. I have attached all. Thanks.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-12-2014
    Ran by dave at 2014-12-09 12:17:34 Run:1
    Running from C:\Users\dave\Desktop
    Loaded Profile: dave (Available profiles: dave)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    FF Extension: No Name - wrc@avast.com [Not Found]
    CHR HomePage: Default -> hxxp://Vosteran.com/?f=1&a=vst_ir_14_48_ff&cd=2XzuyEtN2Y1L1QzutDtD0F0F0D0A0FyB0CyEzz0EyB0D0B0BtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StBtDzzyEtAyBtB0CtG0EtD0D0FtG0CyEzy0AtGyEzzyD0BtGyE0A0B0AyBtCtB0A0FtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0BtBtDyC0FyC0AtG0FtCtBzytGyEyDzzzytG0B0Czz0AtGyEyCyEtA0A0EtDtDyEtDyB0E2Q&cr=2108094777&ir=
    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_14_48_ff&cd=2XzuyEtN2Y1L1QzutDtD0F0F0D0A0FyB0CyEzz0EyB0D0B0BtN0D0Tzu0StCtDyCyEtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StBtDzzyEtAyBtB0CtG0EtD0D0FtG0CyEzy0AtGyEzzyD0BtGyE0A0B0AyBtCtB0A0FtB0A0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0BtBtDyC0FyC0AtG0FtCtBzytGyEyDzzzytG0B0Czz0AtGyEyCyEtA0A0EtDtDyEtDyB0E2Q&cr=2108094777&ir=", "hxxp://www.yahoosearch.com/", "https://www.yahoo.com/?fr=hp-avast&type=avastbcl"
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S3 tapSF0901; system32\DRIVERS\tapSF0901.sys [X]
    2014-12-04 09:18 - 2014-12-04 09:21 - 00000000 ____D () C:\sh4ldr
    2014-12-04 09:15 - 2014-12-04 09:15 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    2014-12-04 09:11 - 2014-12-04 09:14 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer (1).exe
    2014-12-01 16:46 - 2014-12-04 09:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-12-01 16:44 - 2014-12-01 16:45 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\dave\Downloads\SpyHunter-Installer.exe
    C:\Users\dave\AppData\Local\Temp\Quarantine.exe
    C:\Users\dave\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\dave\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
    Task: {5B36BF17-D328-4B0D-85FE-6D89C99686ED} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value not found.
    FF Extension: No Name - wrc@avast.com [Not Found] => not found.
    Chrome HomePage not detected.
    Chrome StartupUrls not detected.
    "HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key not found.
    "HKU\S-1-5-21-1394844423-3040098348-1389167094-1000\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key not found.
    "HKU\S-1-5-21-1394844423-3040098348-1389167094-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce" => Key not found.
    BAPIDRV => Service not found.
    taphss6 => Service not found.
    tapSF0901 => Service not found.
    "C:\sh4ldr" => File/Directory not found.
    "C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.
    "C:\Users\dave\Downloads\SpyHunter-Installer (1).exe" => File/Directory not found.
    "C:\Program Files\Enigma Software Group" => File/Directory not found.
    "C:\Users\dave\Downloads\SpyHunter-Installer.exe" => File/Directory not found.
    "C:\Users\dave\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
    "C:\Users\dave\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
    "HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => Key not found.
    "HKU\S-1-5-21-1394844423-3040098348-1389167094-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B36BF17-D328-4B0D-85FE-6D89C99686ED}" => Key not found.
    C:\Windows\System32\Tasks\SpyHunter4Startup not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 31.5 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
     

    Attached Files:

    Last edited by a moderator: Dec 9, 2014
  15. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Dave,

    Nice one... I knew that we would get there in the end :)
    Let's clear up any leftover entries that Rogue Killer may find.

    • Close all the running processes
    • Double click the RogueKiller icon to run the program again.
      Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
    • Wait for the Prescan to finish.
    • Now click the Delete button.
    • Please copy and paste the report in your next reply.
    A copy of the RKreport.txt can be found on your desktop (if that is the directory that RK has been run from).
     
  16. daveleonard

    daveleonard Registered Members

    Good morning Starbuck, Eureka, I believe it's done. Just give me the "all clear" and I will delete the FRST, etc and reports. Thanks.
    I had to copy and paste the report as the file ext would not upload.

    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : dave [Administrator]
    Mode : Delete -- Date : 12/10/2014 08:17:22

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Not selected
    [PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmReleaseContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmGetContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) wtsapi32.dll - ImmGetContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) wtsapi32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) user32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) advapi32.dll - DwmIsCompositionEnabled : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) advapi32.dll - DwmExtendFrameIntoClientArea : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) windowscodecs.dll - DwmExtendFrameIntoClientArea : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) imm32.dll - WINNLSEnableIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) user32.dll - SHCreateItemFromParsingName : Unknown @ 0x0

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ATA ST9250315AS SCSI Disk Device +++++
    --- User ---
    [MBR] dd205f909723c5528f56ccd293bdd17e
    [BSP] 5655fe0ac665599d0e3f8a7e0eed46ca : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102374 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209868800 | Size: 135999 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    --- User ---
    [MBR] 5626c1ea10acf7b25ae5b267d58dbadc
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8192 | Size: 15067 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_DEL_12072014_144347.log - RKreport_DEL_12092014_173449.log - RKreport_DEL_12092014_173513.log - RKreport_DEL_12092014_173544.log
    RKreport_SCN_12072014_144059.log - RKreport_SCN_12092014_173033.log - RKreport_SCN_12102014_081711.log
     
  17. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Dave,

    I see that these lines haven't been dealt with.
    Rogue Killer has changed a bit since I last ran it..... A new UI, and the entries used to be checked by default; it seems that you have to tick them before clicking the Delete button.
    I'll have to change the RK canned speech to address this.

    • Close all the running processes
    • Double click the RogueKiller icon to run the program again.
      Vista/Win7/Win8 users should right click the icon and select Run as Administrator.
    • Wait for the Prescan to finish, then click the Scan button.
    • When finished, click the Registry tab and tick to select the lines showing.
    • Now click the Delete button.
    • Please copy and paste the report in your next reply.
    A copy of the RKreport.txt can be found on your desktop (if that is the directory that RK has been run from).

    Sorry about this.
     
  18. daveleonard

    daveleonard Registered Members

    Good morning Starbuck. No problem here, glad to get this fixed. See copy attached and Thanks.

    RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : dave [Administrator]
    Mode : Delete -- Date : 12/11/2014 07:33:34

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-1394844423-3040098348-1389167094-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmReleaseContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmGetContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) kernel32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) wtsapi32.dll - ImmGetContext : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) wtsapi32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) user32.dll - ImmIsIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) advapi32.dll - DwmIsCompositionEnabled : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) advapi32.dll - DwmExtendFrameIntoClientArea : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) windowscodecs.dll - DwmExtendFrameIntoClientArea : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) imm32.dll - WINNLSEnableIME : Unknown @ 0x0
    [IAT:Addr] (explorer.exe @ fsshell.dll) user32.dll - SHCreateItemFromParsingName : Unknown @ 0x0

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ATA ST9250315AS SCSI Disk Device +++++
    --- User ---
    [MBR] dd205f909723c5528f56ccd293bdd17e
    [BSP] 5655fe0ac665599d0e3f8a7e0eed46ca : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 102374 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209868800 | Size: 135999 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    --- User ---
    [MBR] c31b4a86132e17ef551ed84979cfe846
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 7456 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_DEL_12072014_144347.log - RKreport_DEL_12092014_173449.log - RKreport_DEL_12092014_173513.log - RKreport_DEL_12092014_173544.log
    RKreport_DEL_12102014_081722.log - RKreport_SCN_12072014_144059.log - RKreport_SCN_12092014_173033.log - RKreport_SCN_12102014_081711.log
    RKreport_SCN_12112014_072955.log
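
The three RogueKiller reports in this thread differ only in the status at the end of each registry line ("Found", then "Not selected", then "Replaced"). The following is an added example, not part of the original posts and not Adlice's code: it parses those registry lines, lists findings that a Delete run left untouched, and compares two runs. The line format is inferred from the reports on this page, the function names are this example's own, and only registry lines are handled.

```python
import re

# Registry finding line as printed in the RogueKiller reports in this thread:
#   [Category] <registry key> | <value name> : <data> -> <status>
FINDING_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+"
    r"(?P<data>.*)\s+->\s+(?P<status>.+)$"
)
# The status is a state, optionally followed by the new value in parentheses.
STATUS_RE = re.compile(r"^(?P<state>[^()]+?)(?:\s+\((?P<new>.*)\))?$")

# "Replaced" is the only remediated state seen on this page. Anything else
# ("Found", "Not selected", or a state this script does not know) is treated
# as still needing attention.
REMEDIATED = {"Replaced"}

# Excerpts copied from the three reports posted in the thread (3 of 7 lines each).
SCAN_DEC07 = r"""
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Found
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
"""
DELETE_DEC10 = SCAN_DEC07.replace("-> Found", "-> Not selected")
DELETE_DEC11 = r"""
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=avastbcl -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://ph.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
"""


def parse_findings(report):
    """Return one dict per registry finding line; all other lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m is None:
            continue  # section headers, task, IAT and MBR lines do not match
        status = m["status"].strip()
        s = STATUS_RE.match(status)
        findings.append({
            "category": m["category"],
            "key": m["key"],
            "name": m["name"],
            "data": m["data"],
            "state": s["state"] if s else status,
            "new_value": s["new"] if s else None,
        })
    return findings


def unresolved(report):
    """Findings the run reported but did not change."""
    return [f for f in parse_findings(report) if f["state"] not in REMEDIATED]


def transitions(before, after):
    """Map (category, key, value name) -> (state before, state after)."""
    old = {(f["category"], f["key"], f["name"]): f["state"]
           for f in parse_findings(before)}
    result = {}
    for f in parse_findings(after):
        ident = (f["category"], f["key"], f["name"])
        result[ident] = (old.get(ident, "absent"), f["state"])
    return result


if __name__ == "__main__":
    runs = (("scan 12/07", SCAN_DEC07),
            ("delete 12/10", DELETE_DEC10),
            ("delete 12/11", DELETE_DEC11))
    for label, report in runs:
        left = unresolved(report)
        print(f"{label}: {len(left)} finding(s) not remediated")
        for f in left:
            print(f"  [{f['category']}] {f['name']} -> {f['state']}")
    # ConsentPromptBehaviorAdmin = 0 means administrators are elevated
    # without a UAC prompt, so it is worth confirming this one was changed.
    for ident, (was, now) in transitions(DELETE_DEC10, DELETE_DEC11).items():
        print(f"{ident[2]}: {was} -> {now}")
```

A Delete-mode report whose lines all end in "Not selected" changed nothing, which is the situation in the 12/10 report above.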
     
  19. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Dave,

    That looks better now :)

    How is the system running?
    Any notifications or evidence of Vosteran now?

    Did you turn the Windows Updates on?
    Once the updates come through, you should get the SP1 and IE should update as well.

    If everything is fine, we need to remove the tools we have used.
    There is an easy way.......

    Download Delfix and save it to your desktop.
    • Ensure Remove disinfection tools is checked.
    • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore

    • Click the Run button.
    When the tool has finished, a log will open in notepad.... but I don't actually need this report.

    Running this tool will remove everything we have used and will set you a new restore point.
     
  20. daveleonard

    daveleonard Registered Members

    Good morning. Ok, will do. The system is just naturally slow especially at night. During the day it runs good enough for all I do. Have seen no more traces of the virus. Thanks so much for your help. Merry x-mas if I don't talk to you before then. I will send CHF a little present once I figure out how to use PayPal from the Philippines. Take care.
     
