Thread: FBI/MoneyPak Ransomware - Want to Make Sure I'm Clean

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    11

    Hi,

    I clicked a link this afternoon that took me to the FBI/MoneyPak Ransomware page which asks you to wire money via MoneyPak. Of course, I did not follow the instructions. I immediately exited the page by hitting ctrl-alt-delete and exiting Chrome. Unfortunately, I then re-set Windows 7 to a Restore point from 8/28. I had not yet read the posting rules that caution against reverting to a Restore point. My PC is not currently hijacked or ransomed (the ransom demand isn't popping up when I try to use my PC) and I'm not seeing any obvious signs of malware. Nevertheless, I understand Ransomware has advanced and gotten more sneaky, and I want to make sure I don't have anything nasty running in the background that's logging my keystrokes, etc. I was hoping someone would review my FRST and MBR logs to make sure I don't have anything suspicious. Thank you very much in advance!

    FRST:
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
    Ran by Robin (administrator) on THINKCENTRE on 02-09-2014 22:02:04
    Running from C:\Users\Robin\Desktop
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Google Inc.) C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    (Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
    (Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
    HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-01-28] (Lenovo Group Limited)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
    HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [27464 2013-02-26] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3528804664-3042301182-3867406685-1000\...\Run: [MusicManager] => C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
    HKU\S-1-5-21-3528804664-3042301182-3867406685-1000\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-21] (Eye-Fi, Inc.)
    HKU\S-1-5-21-3528804664-3042301182-3867406685-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4525192 2014-08-01] (Plex, Inc.)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: 01UnsuppModule -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: 02SyncingModule -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: 03SyncedModule -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: 04ReadOnlyModule -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com/?pc=LNJB
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
    SearchScopes: HKLM-x32 - DefaultScope {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {DD5893EC-A835-4715-B209-0244079A258C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
    SearchScopes: HKCU - DefaultScope {DD5893EC-A835-4715-B209-0244079A258C} URL =
    SearchScopes: HKCU - {DD5893EC-A835-4715-B209-0244079A258C} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://mail.google.com/", "hxxp://www.washingtonpost.com/opinions", "hxxp://gundogforum.com/"
    CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
    CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-02]
    CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]
    CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
    CHR Extension: (Adblock Plus) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-02]
    CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
    CHR Extension: (Google News) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2014-08-02]
    CHR Extension: (Google Play Music) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-02]
    CHR Extension: (Plex) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2014-08-02]
    CHR Extension: (The Economist) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2014-08-02]
    CHR Extension: (Magisto - Magical Video Editor) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghmngbmfdgknokcefmkbjlcjabdklnlk [2014-08-02]
    CHR Extension: (avast! Online Security) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-02]
    CHR Extension: (Google Play) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-08-02]
    CHR Extension: (Pocket) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-08-02]
    CHR Extension: (WeatherBug) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-08-02]
    CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
    CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2014-08-02]
    CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
    S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [48832 2013-04-10] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
    R2 LBAEvent; C:\Program Files (x86)\Lenovo\LBAI\LBAEvent.exe [27464 2013-04-02] (Lenovo)
    S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
    S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
    R3 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [63816 2013-02-26] (Lenovo)
    S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186696 2013-02-26] (Lenovo Group Limited)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
    R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-24] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-03-18] (Intel Corporation)
    R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [16200 2013-04-02] (Lenovo)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-02 22:02 - 2014-09-02 22:02 - 00019817 _____ () C:\Users\Robin\Desktop\FRST.txt
    2014-09-02 22:00 - 2014-09-02 22:02 - 00000000 ____D () C:\FRST
    2014-09-02 22:00 - 2014-09-02 22:00 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
    2014-09-02 21:58 - 2014-09-02 21:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THINKCENTRE-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-09-02 21:58 - 2014-09-02 21:58 - 00000000 ____D () C:\RegBackup
    2014-09-02 21:55 - 2014-09-02 21:55 - 04057608 _____ () C:\Users\Robin\Downloads\tweaking.com_registry_backup_setup.exe
    2014-09-02 21:55 - 2014-09-02 21:55 - 00002250 _____ () C:\Users\Robin\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-02 21:39 - 2014-09-02 21:39 - 00028603 _____ () C:\ComboFix.txt
    2014-09-02 21:33 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-09-02 21:30 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-02 21:30 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-02 21:30 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-02 21:30 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-02 21:30 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-02 21:30 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-02 21:30 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-02 21:30 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-02 21:29 - 2014-09-02 21:39 - 00000000 ____D () C:\Windows\erdnt
    2014-09-02 21:29 - 2014-09-02 21:39 - 00000000 ____D () C:\Qoobox
    2014-09-02 21:16 - 2014-09-02 21:16 - 00000000 _____ () C:\autoexec.bat
    2014-09-02 21:14 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
    2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
    2014-09-02 20:50 - 2014-09-02 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Robin\Downloads\HijackThis.exe
    2014-09-02 20:50 - 2014-09-02 20:50 - 00012319 _____ () C:\Users\Robin\Downloads\hijackthis.log
    2014-09-02 20:40 - 2014-09-02 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-09-02 20:35 - 2014-09-02 20:37 - 11193392 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64.exe
    2014-09-02 16:34 - 2014-09-02 16:34 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iPod
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-02 16:26 - 2014-09-02 16:26 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2014-09-02 16:26 - 2014-09-02 16:26 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
    2014-09-02 16:26 - 2014-09-02 16:26 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
    2014-09-02 16:25 - 2014-09-02 16:25 - 25723644 _____ () C:\Users\Robin\Downloads\installer_win.exe
    2014-09-02 16:24 - 2014-09-02 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
    2014-09-02 16:22 - 2014-09-02 16:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-09-02 16:22 - 2014-09-02 16:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-02 16:22 - 2014-09-02 16:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-02 16:22 - 2014-09-02 16:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-09-02 16:21 - 2014-09-02 16:21 - 04862664 _____ (AVAST Software) C:\Users\Robin\Downloads\avast_free_antivirus_setup_online.exe
    2014-09-02 16:20 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-09-02 16:20 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-09-02 16:20 - 2014-08-22 18:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
    2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-02 14:56 - 2014-09-02 16:26 - 00000000 ____D () C:\Program Files\pia_manager
    2014-08-30 08:42 - 2014-08-30 08:42 - 00026112 _____ () C:\Users\Hayley\Downloads\query_12639_26313.xls
    2014-08-30 08:40 - 2014-08-30 08:40 - 00045568 _____ () C:\Users\Hayley\Downloads\tempPh71Oobc.xls
    2014-08-30 08:37 - 2014-08-30 08:37 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12639_26295.xls
    2014-08-30 08:36 - 2014-08-30 08:36 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26280.xls
    2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26278.xls
    2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Desktop\query_12638_26278.xls
    2014-08-30 08:35 - 2014-08-30 08:35 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823 (1).xls
    2014-08-30 08:26 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12638_30823.xls
    2014-08-30 08:25 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823.xls
    2014-08-30 08:24 - 2014-08-30 08:24 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12638_30816.xls
    2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12588_16997.xls
    2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12588_16997.xls
    2014-08-18 21:58 - 2014-08-18 21:58 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12588_16985.xls
    2014-08-16 03:00 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-16 03:00 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-08-16 03:00 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-08-16 03:00 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-16 03:00 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-16 03:00 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-16 03:00 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-08-16 03:00 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-08-15 15:02 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\Documents\My Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nitro PDF
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\GARMIN_Corp
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Program Files (x86)\Garmin
    2014-08-15 15:00 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Garmin
    2014-08-15 15:00 - 2014-08-15 15:00 - 53312376 _____ () C:\Users\Robin\Downloads\BaseCamp_435.exe
    2014-08-15 13:02 - 2014-08-06 20:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-15 13:02 - 2014-08-06 20:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-15 13:02 - 2014-07-31 17:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-15 13:02 - 2014-07-31 17:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-15 13:02 - 2014-07-25 08:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-15 13:02 - 2014-07-25 08:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-15 13:02 - 2014-07-25 08:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-15 13:02 - 2014-07-25 07:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-15 13:02 - 2014-07-25 07:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-15 13:02 - 2014-07-25 07:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-15 13:02 - 2014-07-25 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-15 13:02 - 2014-07-25 07:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-15 13:02 - 2014-07-25 07:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-15 13:02 - 2014-07-25 07:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-15 13:02 - 2014-07-25 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-15 13:02 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-15 13:02 - 2014-07-25 07:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-15 13:02 - 2014-07-25 07:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-15 13:02 - 2014-07-25 07:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-15 13:02 - 2014-07-25 06:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-15 13:02 - 2014-07-25 06:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-15 13:02 - 2014-07-25 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-15 13:02 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-15 13:02 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-15 13:02 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-15 13:02 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-15 13:02 - 2014-07-25 06:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-15 13:02 - 2014-07-25 06:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-15 13:02 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-15 13:02 - 2014-07-25 06:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-15 13:02 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-15 13:02 - 2014-07-25 06:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-15 13:02 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-15 13:02 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-15 13:02 - 2014-07-25 06:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-15 13:02 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-15 13:02 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-15 13:02 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-15 13:02 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-15 13:02 - 2014-07-25 05:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-15 13:02 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-15 13:02 - 2014-07-25 05:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-15 13:02 - 2014-07-25 05:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-15 13:02 - 2014-07-25 05:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-15 13:02 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-15 13:02 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-15 13:02 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-15 13:02 - 2014-07-25 05:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-15 13:02 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-15 13:02 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-15 13:02 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-15 13:02 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-15 13:02 - 2014-07-25 04:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-15 13:02 - 2014-07-25 04:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-15 13:02 - 2014-07-25 04:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-15 13:02 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-08-15 13:02 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-15 13:02 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-15 13:02 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-15 13:02 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-08-15 13:02 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-15 13:02 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-08-15 13:02 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-08-15 13:02 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-08-15 13:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-08-15 13:02 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-08-15 13:02 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-08-15 13:02 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-08-15 13:02 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-08-15 13:02 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-15 13:02 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-08-15 13:02 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-15 13:02 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-15 13:02 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-15 13:02 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-15 13:02 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-15 13:02 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-08-15 13:02 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-08-15 13:02 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-08-12 12:57 - 2014-08-12 12:57 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Apple
    2014-08-09 12:58 - 2014-08-09 13:04 - 516628867 _____ () C:\Users\Hayley\Downloads\Video.zip
    2014-08-09 12:54 - 2014-08-09 13:00 - 582762633 _____ () C:\Users\Hayley\Downloads\Photos.zip
    2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Nitro
    2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\FileOpen
    2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\ProgramData\FileOpen
    2014-08-04 19:32 - 2014-09-02 15:36 - 00000000 ____D () C:\Users\Robin\Downloads\Shareit
    2014-08-04 15:27 - 2014-08-04 19:03 - 00000000 ____D () C:\Users\Robin\AppData\Local\CloudStation
    2014-08-04 15:27 - 2014-08-04 15:27 - 00001162 _____ () C:\Users\Robin\Desktop\Synology Cloud Station.lnk
    2014-08-04 15:27 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
    2014-08-04 15:20 - 2014-08-04 15:20 - 32031440 _____ () C:\Users\Robin\Downloads\Synology-CloudStation-Setup-3111.exe
    2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Plex
    2014-08-04 15:01 - 2014-08-04 15:02 - 62222680 _____ (Plex, Inc.) C:\Users\Robin\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
    2014-08-04 14:10 - 2014-08-04 14:10 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Lenovo
    2014-08-04 02:22 - 2014-08-04 02:22 - 00000000 ____D () C:\Windows\system32\LSC
    2014-08-03 15:05 - 2014-08-03 15:05 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Titanium
    2014-08-03 14:22 - 2014-08-03 14:22 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\LSC
    2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieUserList
    2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieSiteList
    2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Intel Corporation
    2014-08-03 14:12 - 2014-09-02 16:42 - 00000000 ____D () C:\Users\Hayley
    2014-08-03 14:12 - 2014-08-03 14:12 - 00058016 _____ () C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-03 14:12 - 2014-08-03 14:12 - 00001428 _____ () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000020 ___SH () C:\Users\Hayley\ntuser.ini
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Apple Computer
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\VirtualStore
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Google
    2014-08-03 14:12 - 2014-07-15 23:03 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Macromedia
    2014-08-03 14:12 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-08-03 14:12 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-08-03 13:55 - 2014-09-02 21:44 - 00000000 ____D () C:\Users\Robin\AppData\Local\Eye-Fi
    2014-08-03 13:55 - 2014-09-02 14:34 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Eye-Fi
    2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
    2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
    2014-08-03 13:41 - 2014-08-03 13:41 - 22619832 _____ (Eye-Fi, Inc.) C:\Users\Robin\Downloads\Setup.exe
    2014-08-03 13:20 - 2014-08-03 13:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Bonjour
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-08-03 13:20 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-08-03 12:41 - 2014-09-02 21:46 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job
    2014-08-03 12:41 - 2014-08-27 12:46 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job
    2014-08-03 12:41 - 2014-08-03 12:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA
    2014-08-03 12:41 - 2014-08-03 12:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core
    2014-08-03 12:41 - 2014-08-03 12:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    2014-08-03 12:35 - 2014-08-03 12:35 - 00000000 ___HD () C:\Users\Robin\AppData\Roaming\.Lenovo

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-02 22:02 - 2014-09-02 22:02 - 00019817 _____ () C:\Users\Robin\Desktop\FRST.txt
    2014-09-02 22:02 - 2014-09-02 22:00 - 00000000 ____D () C:\FRST
    2014-09-02 22:00 - 2014-09-02 22:00 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
    2014-09-02 21:58 - 2014-09-02 21:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-THINKCENTRE-Microsoft-Windows-7-Professional-(64-bit).dat
    2014-09-02 21:58 - 2014-09-02 21:58 - 00000000 ____D () C:\RegBackup
    2014-09-02 21:55 - 2014-09-02 21:55 - 04057608 _____ () C:\Users\Robin\Downloads\tweaking.com_registry_backup_setup.exe
    2014-09-02 21:55 - 2014-09-02 21:55 - 00002250 _____ () C:\Users\Robin\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-02 21:55 - 2014-09-02 21:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-09-02 21:54 - 2009-07-13 22:51 - 00066146 _____ () C:\Windows\setupact.log
    2014-09-02 21:51 - 2009-07-13 22:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-02 21:51 - 2009-07-13 22:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-02 21:48 - 2014-07-15 22:57 - 01365695 _____ () C:\Windows\WindowsUpdate.log
    2014-09-02 21:48 - 2009-07-13 23:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-02 21:46 - 2014-08-03 12:41 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job
    2014-09-02 21:44 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Local\Eye-Fi
    2014-09-02 21:44 - 2014-08-02 18:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-09-02 21:44 - 2014-08-02 17:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-02 21:44 - 2010-11-20 21:47 - 00358336 _____ () C:\Windows\PFRO.log
    2014-09-02 21:44 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-02 21:44 - 2009-07-13 22:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-02 21:39 - 2014-09-02 21:39 - 00028603 _____ () C:\ComboFix.txt
    2014-09-02 21:39 - 2014-09-02 21:29 - 00000000 ____D () C:\Windows\erdnt
    2014-09-02 21:39 - 2014-09-02 21:29 - 00000000 ____D () C:\Qoobox
    2014-09-02 21:38 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
    2014-09-02 21:33 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-09-02 21:33 - 2014-09-02 21:14 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
    2014-09-02 21:20 - 2014-07-15 23:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-09-02 21:19 - 2014-08-02 17:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-02 21:16 - 2014-09-02 21:16 - 00000000 _____ () C:\autoexec.bat
    2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
    2014-09-02 20:50 - 2014-09-02 20:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Robin\Downloads\HijackThis.exe
    2014-09-02 20:50 - 2014-09-02 20:50 - 00012319 _____ () C:\Users\Robin\Downloads\hijackthis.log
    2014-09-02 20:41 - 2014-09-02 20:40 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-09-02 20:37 - 2014-09-02 20:35 - 11193392 _____ (SurfRight B.V.) C:\Users\Robin\Downloads\HitmanPro_x64.exe
    2014-09-02 16:42 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley
    2014-09-02 16:42 - 2014-08-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-09-02 16:34 - 2014-09-02 16:34 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iTunes
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files\iPod
    2014-09-02 16:34 - 2014-09-02 16:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-09-02 16:26 - 2014-09-02 16:26 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2014-09-02 16:26 - 2014-09-02 16:26 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
    2014-09-02 16:26 - 2014-09-02 16:26 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
    2014-09-02 16:26 - 2014-09-02 14:56 - 00000000 ____D () C:\Program Files\pia_manager
    2014-09-02 16:25 - 2014-09-02 16:25 - 25723644 _____ () C:\Users\Robin\Downloads\installer_win.exe
    2014-09-02 16:24 - 2014-09-02 16:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
    2014-09-02 16:23 - 2014-09-02 16:22 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-09-02 16:22 - 2014-09-02 16:22 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-02 16:22 - 2014-09-02 16:22 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-02 16:22 - 2014-09-02 16:22 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-02 16:22 - 2014-09-02 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-09-02 16:21 - 2014-09-02 16:21 - 04862664 _____ (AVAST Software) C:\Users\Robin\Downloads\avast_free_antivirus_setup_online.exe
    2014-09-02 16:15 - 2014-08-02 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
    2014-09-02 16:15 - 2014-08-02 17:59 - 00000000 ____D () C:\Program Files\PeerBlock
    2014-09-02 16:15 - 2014-08-02 17:56 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\BitTorrent
    2014-09-02 16:15 - 2014-08-02 16:44 - 00000000 ____D () C:\Users\Robin
    2014-09-02 16:15 - 2014-07-15 22:27 - 00000000 ____D () C:\ProgramData\Lenovo
    2014-09-02 16:15 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2014-09-02 16:00 - 2014-07-15 23:03 - 00000000 ____D () C:\ProgramData\Adobe
    2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
    2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-02 15:45 - 2014-09-02 15:45 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-09-02 15:39 - 2014-09-02 15:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-02 15:36 - 2014-08-04 19:32 - 00000000 ____D () C:\Users\Robin\Downloads\Shareit
    2014-09-02 14:34 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Eye-Fi
    2014-08-30 08:42 - 2014-08-30 08:42 - 00026112 _____ () C:\Users\Hayley\Downloads\query_12639_26313.xls
    2014-08-30 08:40 - 2014-08-30 08:40 - 00045568 _____ () C:\Users\Hayley\Downloads\tempPh71Oobc.xls
    2014-08-30 08:37 - 2014-08-30 08:37 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12639_26295.xls
    2014-08-30 08:36 - 2014-08-30 08:36 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26280.xls
    2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Downloads\query_12638_26278.xls
    2014-08-30 08:35 - 2014-08-30 08:35 - 00023552 _____ () C:\Users\Hayley\Desktop\query_12638_26278.xls
    2014-08-30 08:35 - 2014-08-30 08:35 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823 (1).xls
    2014-08-30 08:25 - 2014-08-30 08:26 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12638_30823.xls
    2014-08-30 08:25 - 2014-08-30 08:25 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12638_30823.xls
    2014-08-30 08:24 - 2014-08-30 08:24 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12638_30816.xls
    2014-08-27 12:46 - 2014-08-03 12:41 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job
    2014-08-22 20:07 - 2014-09-02 16:20 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-22 19:45 - 2014-09-02 16:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-22 18:59 - 2014-09-02 16:20 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Downloads\query_12588_16997.xls
    2014-08-18 22:01 - 2014-08-18 22:01 - 00019456 _____ () C:\Users\Hayley\Desktop\query_12588_16997.xls
    2014-08-18 21:58 - 2014-08-18 21:58 - 00015872 _____ () C:\Users\Hayley\Downloads\query_12588_16985.xls
    2014-08-16 12:55 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-08-16 03:44 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-16 03:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-16 03:02 - 2014-08-02 18:06 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-16 03:01 - 2014-08-02 18:06 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-16 03:00 - 2014-08-02 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-15 15:02 - 2014-08-15 15:02 - 00000000 ____D () C:\Users\Robin\Documents\My Garmin
    2014-08-15 15:02 - 2014-08-15 15:00 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nitro PDF
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\GARMIN_Corp
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Users\Robin\AppData\Local\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\ProgramData\Garmin
    2014-08-15 15:01 - 2014-08-15 15:01 - 00000000 ____D () C:\Program Files (x86)\Garmin
    2014-08-15 15:01 - 2014-07-15 22:57 - 00000000 ____D () C:\Program Files\DIFX
    2014-08-15 15:00 - 2014-08-15 15:00 - 53312376 _____ () C:\Users\Robin\Downloads\BaseCamp_435.exe
    2014-08-15 00:48 - 2014-07-15 23:03 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
    2014-08-12 12:57 - 2014-08-12 12:57 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Apple
    2014-08-09 13:04 - 2014-08-09 12:58 - 516628867 _____ () C:\Users\Hayley\Downloads\Video.zip
    2014-08-09 13:00 - 2014-08-09 12:54 - 582762633 _____ () C:\Users\Hayley\Downloads\Photos.zip
    2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Nitro
    2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\FileOpen
    2014-08-09 12:38 - 2014-08-09 12:38 - 00000000 ____D () C:\ProgramData\FileOpen
    2014-08-07 22:38 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-08-06 20:06 - 2014-08-15 13:02 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-06 20:01 - 2014-08-15 13:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-04 19:03 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Local\CloudStation
    2014-08-04 15:27 - 2014-08-04 15:27 - 00001162 _____ () C:\Users\Robin\Desktop\Synology Cloud Station.lnk
    2014-08-04 15:27 - 2014-08-04 15:27 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
    2014-08-04 15:20 - 2014-08-04 15:20 - 32031440 _____ () C:\Users\Robin\Downloads\Synology-CloudStation-Setup-3111.exe
    2014-08-04 15:03 - 2014-08-02 18:03 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
    2014-08-04 15:02 - 2014-08-04 15:02 - 00000000 ____D () C:\Program Files (x86)\Plex
    2014-08-04 15:02 - 2014-08-04 15:01 - 62222680 _____ (Plex, Inc.) C:\Users\Robin\Downloads\Plex-Media-Server-0.9.914.531-7eef8c6-en-US.exe
    2014-08-04 14:10 - 2014-08-04 14:10 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Lenovo
    2014-08-04 03:00 - 2014-07-15 23:03 - 00775352 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-08-04 02:22 - 2014-08-04 02:22 - 00000000 ____D () C:\Windows\system32\LSC
    2014-08-03 15:20 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Local\Plex Media Server
    2014-08-03 15:05 - 2014-08-03 15:05 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Titanium
    2014-08-03 14:22 - 2014-08-03 14:22 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\LSC
    2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieUserList
    2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 __SHD () C:\Users\Hayley\AppData\Local\EmieSiteList
    2014-08-03 14:13 - 2014-08-03 14:13 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Intel Corporation
    2014-08-03 14:12 - 2014-08-03 14:12 - 00058016 _____ () C:\Users\Hayley\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-08-03 14:12 - 2014-08-03 14:12 - 00001428 _____ () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000020 ___SH () C:\Users\Hayley\ntuser.ini
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Apple Computer
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\VirtualStore
    2014-08-03 14:12 - 2014-08-03 14:12 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Google
    2014-08-03 14:03 - 2014-08-02 19:24 - 00000000 ____D () C:\Users\Robin\AppData\Local\Lenovo
    2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye-Fi
    2014-08-03 13:55 - 2014-08-03 13:55 - 00000000 ____D () C:\Program Files (x86)\Eye-Fi
    2014-08-03 13:41 - 2014-08-03 13:41 - 22619832 _____ (Eye-Fi, Inc.) C:\Users\Robin\Downloads\Setup.exe
    2014-08-03 13:31 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Apple Computer
    2014-08-03 13:20 - 2014-08-03 13:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\ProgramData\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files\Bonjour
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-08-03 13:20 - 2014-08-03 13:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-08-03 13:20 - 2014-08-02 18:04 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apple Computer
    2014-08-03 12:41 - 2014-08-03 12:41 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA
    2014-08-03 12:41 - 2014-08-03 12:41 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core
    2014-08-03 12:41 - 2014-08-03 12:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
    2014-08-03 12:41 - 2014-08-02 17:14 - 00000000 ____D () C:\Users\Robin\AppData\Local\Google
    2014-08-03 12:35 - 2014-08-03 12:35 - 00000000 ___HD () C:\Users\Robin\AppData\Roaming\.Lenovo
    2014-08-03 12:31 - 2014-08-02 18:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-27 00:25

    ==================== End Of Log ============================

    FRST Addition Log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
    Ran by Robin at 2014-09-02 22:02:20
    Running from C:\Users\Robin\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
    Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32692 - BitTorrent Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
    Garmin BaseCamp (HKLM-x32\...\{CBB4288D-2D32-43BB-8FCE-3F102E385956}) (Version: 4.3.5 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
    Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
    Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
    Intel(R) Update Manager (x32 Version: 1.0.0.36888 - Intel Corporation) Hidden
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
    LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}_is1) (Version: 1.0.0.8 - Lenovo Group Limited)
    Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
    Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
    Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.4.0 - Lenovo Group Limited)
    Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
    Lenovo Solutions for Small Business (HKLM-x32\...\{6A6D86CD-B004-46b7-8951-7BB75A776F8C}) (Version: 2.0.32.7350 - Intel(R) Corporation)
    Lenovo Solutions for Small Business Customizations (HKLM-x32\...\{AFD7B869-3B70-40C7-8983-769256BA3BD2}) (Version: 2.0.0004.00 - Lenovo Group Limited)
    Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
    Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
    Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
    Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.14.3 - Marvell)
    Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
    Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
    Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.)
    Nitro Pro 8 (HKLM\...\{35E1FF5F-E8E1-4DE2-B3EC-BBE296B27336}) (Version: 8.5.2.10 - Nitro)
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    Plex Media Server (HKLM-x32\...\{9eb61479-6f2f-43c4-bfe8-12a7ea9d1acb}) (Version: 0.9.914 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.914 - Plex, Inc.) Hidden
    Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.01.0004 - Lenovo Group Limited)
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0230 - REALTEK Semiconductor Corp.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
    Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
    Synology Cloud Station (remove only) (HKCU\...\Synology CloudStation) (Version: - )
    ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.42.0 - Lenovo)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
    View Management Utility (HKLM\...\View Management Utility_is1) (Version: 3.0.1.20120921 - Lenovo Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Intel (e1dexpress) Net (02/26/2013 12.6.47.0) (HKLM\...\F33A1BB12CD7108455BD796E038CD7B0B4732FBB) (Version: 02/26/2013 12.6.47.0 - Intel)
    Windows Driver Package - Intel Corporation (igfx) Display (06/24/2013 9.18.10.3220) (HKLM\...\279F572DD6D797E852EE092875A1D4B6A65C48EF) (Version: 06/24/2013 9.18.10.3220 - Intel Corporation)
    Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\0A6166936538BB5B864A5723AF3A45E6D54FC14A) (Version: 02/25/2013 9.4.0.1017 - Intel)
    Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\AE21626B45E3873B80BDD584D229A19CD48EF2D0) (Version: 02/25/2013 9.4.0.1017 - Intel)
    Windows Driver Package - Intel System (02/25/2013 9.4.0.1017) (HKLM\...\D0BD2762F58C24C10CB784FDD17B9D98FF2470FF) (Version: 02/25/2013 9.4.0.1017 - Intel)
    Windows Driver Package - Intel USB (02/25/2013 9.4.0.1017) (HKLM\...\65AB5CB2D70EB936A3BC424D9E64EF8B676558B4) (Version: 02/25/2013 9.4.0.1017 - Intel)
    Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (05/22/2013 6.16.00.3112) (HKLM\...\1CD14F8CAAAFF160D1FB8F12ABC0298A517BB394) (Version: 05/22/2013 6.16.00.3112 - Intel(R) Corporation)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (02/19/2013 6.0.1.6844) (HKLM\...\2EA098366EBDF7112F40FDC23F33AEEB37BD2732) (Version: 02/19/2013 6.0.1.6844 - Realtek Semiconductor Corp.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll ()
    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\iconOverlay.dll (TODO: <Company name>)
    CustomCLSID: HKU\S-1-5-21-3528804664-3042301182-3867406685-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Robin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    24-08-2014 06:00:00 Scheduled Checkpoint
    28-08-2014 09:00:10 Windows Update
    02-09-2014 20:57:02 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
    02-09-2014 21:45:47 avast! antivirus system restore point
    02-09-2014 22:15:16 Restore Operation
    02-09-2014 22:21:42 avast! antivirus system restore point
    02-09-2014 22:26:51 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
    03-09-2014 03:14:24 Installed SpyHunter
    03-09-2014 03:31:16 Removed SpyHunter
    03-09-2014 03:32:51 Removed SpyHunter
    03-09-2014 03:41:35 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2014-09-02 21:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {118EC617-2FE3-42B0-920E-60E275630759} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
    Task: {1F79D11E-3FBA-436C-AAC9-4620BB835DAA} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
    Task: {31E27B04-F765-4AC6-8BC7-02EEA7913BEB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
    Task: {3A4B1E03-C587-4372-A9CC-39C869CC9AC8} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2013-02-26] (Lenovo Group Limited)
    Task: {3AEF64A3-98AE-41BE-AF60-DB7CBC26D238} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-09-02] ()
    Task: {4615B8F8-0E24-446A-B72E-F242B7BF7852} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
    Task: {55C20559-D05F-4828-9221-AD15E0D5A102} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5AE24D1A-E9E3-4B81-AD27-EEF0196AEDED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
    Task: {5B37534F-AB79-489A-A609-C8D8E0E2048E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
    Task: {77F85197-567A-4BC3-A6EC-C787934FAFB2} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
    Task: {8FA39B68-13FC-4840-B43F-3D76FDD89FA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-03] (Google Inc.)
    Task: {944F3E80-91C9-4682-A7A2-48D086B368DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-02] (Google Inc.)
    Task: {958C6667-406A-4E0D-AA40-F3E93CB4B99D} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
    Task: {A2D32512-10A9-4000-9C33-0D736868D9BA} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: {A4DE0AF3-194E-483B-B220-9BC8DEA3BF97} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-02] (AVAST Software)
    Task: {A924256E-B538-46CD-AA41-71E3AD081CD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
    Task: {B1FE1F6C-9248-4B8F-A9C3-0CCFF2D868F2} - System32\Tasks\Intel(R) Small Business Advantage\Notifier => C:\Program Files\Intel\Intel(R) Small Business Advantage\UI\SBA_Notifier.exe [2013-04-10] (Intel Corporation)
    Task: {BC7E75BD-4919-4740-8D35-61111A63FA57} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-06] (Lenovo)
    Task: {BD818FE5-6495-461D-BD9D-22ACD52095A9} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
    Task: {CC0F5B1F-61AB-4B45-91C8-F74EA4875E9C} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-06] ()
    Task: {DE839F6E-C172-4094-A2DC-A20444CCCF8B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-19] (Realtek Semiconductor)
    Task: {E28A3512-A010-4CE9-BF3B-059DE8AB7EA0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
    Task: {E6A41F9B-71B1-45A2-B73C-A9E09D9CF392} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-05-06] (Lenovo)
    Task: {EB49F532-D415-403A-972C-8DA4B8E0E5F4} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe [2014-05-06] (Lenovo)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000Core.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528804664-3042301182-3867406685-1000UA.job => C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-24 19:28 - 2014-02-24 19:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
    2014-06-11 08:08 - 2014-06-11 08:08 - 00909312 _____ () C:\Users\Robin\AppData\Local\CloudStation\iconoverlay_v7\IconOverlayDLLs_x64\ContextMenu.dll
    2014-07-15 23:03 - 2013-02-26 17:31 - 00035656 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
    2014-09-02 16:22 - 2014-09-02 16:22 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-09-02 16:22 - 2014-09-02 16:22 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\14090201\algo.dll
    2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-02 18:21 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-08-02 18:21 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-08-02 18:21 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-08-02 18:21 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-08-02 18:21 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2013-12-10 15:06 - 2013-12-10 15:06 - 10683392 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
    2013-12-10 15:06 - 2013-12-10 15:06 - 07741952 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
    2013-12-10 15:06 - 2013-12-10 15:06 - 02248192 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
    2013-12-10 15:06 - 2013-12-10 15:06 - 01681408 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
    2014-05-15 15:20 - 2014-05-15 15:20 - 00117248 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
    2014-05-15 15:20 - 2014-05-15 15:20 - 00231936 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
    2014-05-15 15:21 - 2014-05-15 15:21 - 00253440 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
    2014-05-15 15:24 - 2014-05-15 15:24 - 00344064 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
    2013-12-10 15:06 - 2013-12-10 15:06 - 00026624 _____ () C:\Users\Robin\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
    2011-12-21 22:59 - 2011-12-21 22:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
    2011-12-21 22:56 - 2011-12-21 22:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 02100360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 01923720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
    2014-08-01 22:13 - 2014-08-01 22:13 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
    2014-08-01 22:13 - 2014-08-01 22:13 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
    2014-08-01 22:13 - 2014-08-01 22:13 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
    2014-08-01 22:13 - 2014-08-01 22:13 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
    2014-08-01 22:13 - 2014-08-01 22:13 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
    2014-09-02 16:22 - 2014-09-02 16:22 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00035976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
    2014-08-01 22:14 - 2014-08-01 22:14 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
    2014-08-01 22:14 - 2014-08-01 22:14 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
    2014-08-13 07:22 - 2014-08-06 21:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
    2014-08-13 07:22 - 2014-08-06 21:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
    2014-08-13 07:22 - 2014-08-06 21:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
    2014-08-13 07:22 - 2014-08-06 21:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
    2014-08-13 07:22 - 2014-08-06 21:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
    2014-07-15 22:59 - 2013-03-12 15:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/02/2014 09:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 04:16:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1f08

    Start Time: 01cfc6f41b46f604

    Termination Time: 4

    Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    Report Id: 5fe7124b-32ea-11e4-bf58-0023245d7c9c

    Error: (08/28/2014 02:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/28/2014 03:15:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/16/2014 03:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 19032

    Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 19032

    Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/10/2014 02:34:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18034


    System errors:
    =============
    Error: (09/02/2014 09:38:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (09/02/2014 09:38:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (09/02/2014 09:37:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (09/02/2014 08:37:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Small Business Advantage service terminated unexpectedly. It has done this 1 time(s).

    Error: (09/02/2014 08:31:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.

    Error: (09/02/2014 04:45:02 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (08/28/2014 02:30:24 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 2:29:37 PM on ‎8/‎28/‎2014 was unexpected.

    Error: (08/26/2014 04:58:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Small Business Advantage service terminated unexpectedly. It has done this 1 time(s).

    Error: (08/25/2014 08:13:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.

    Error: (08/20/2014 06:11:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.


    Microsoft Office Sessions:
    =========================
    Error: (09/02/2014 09:44:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 04:16:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/02/2014 03:45:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDScan.exe2.4.40.1811f0801cfc6f41b46f6044C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe5fe7124b-32ea-11e4-bf58-0023245d7c9c

    Error: (08/28/2014 02:30:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/28/2014 03:15:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/16/2014 03:19:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 19032

    Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 19032

    Error: (08/10/2014 02:34:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (08/10/2014 02:34:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 18034


    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-02 21:38:35.158
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-09-02 21:38:35.110
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4570T CPU @ 2.90GHz
    Percentage of memory in use: 33%
    Total physical RAM: 8082 MB
    Available physical RAM: 5398.54 MB
    Total Pagefile: 16162.17 MB
    Available Pagefile: 13184.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:102.33 GB) (Free:50.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:15.44 GB) (Free:3.43 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 119.2 GB) (Disk ID: 0B17766B)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=102.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    aswMBR log:

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-09-02 22:03:42
    -----------------------------
    22:03:42.573 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:03:42.573 Number of processors: 4 586 0x3C03
    22:03:42.573 ComputerName: THINKCENTRE UserName: Robin
    22:03:42.720 Initialize success
    22:03:42.720 VM: initialized successfully
    22:03:42.721 VM: Intel CPU BiosDisabled
    22:03:49.686 VM: disk I/O iaStorA.sys
    22:03:52.455 AVAST engine defs: 14090201
    22:04:06.860 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
    22:04:06.861 Disk 0 Vendor: ATA_____ 205_ Size: 122104MB BusType: 11
    22:04:06.865 Disk 0 MBR read successfully
    22:04:06.866 Disk 0 MBR scan
    22:04:06.868 Disk 0 unknown MBR code
    22:04:06.869 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
    22:04:06.871 Disk 0 Boot: NTFS code=1
    22:04:06.873 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 104790 MB offset 3074048
    22:04:06.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15812 MB offset 217683968
    22:04:06.880 Disk 0 scanning C:\Windows\system32\drivers
    22:04:08.733 Service scanning
    22:04:12.438 Modules scanning
    22:04:12.440 Disk 0 trace - called modules:
    22:04:12.447 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
    22:04:12.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c66060]
    22:04:12.451 3 CLASSPNP.SYS[fffff880017cf43f] -> nt!IofCallDriver -> [0xfffffa8006b5bc50]
    22:04:12.453 5 iaStorF.sys[fffff8800163ba2c] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80069ee480]
    22:04:12.581 AVAST engine scan C:\Windows
    22:04:12.896 AVAST engine scan C:\Windows\system32
    22:04:44.552 AVAST engine scan C:\Windows\system32\drivers
    22:04:46.989 AVAST engine scan C:\Users\Robin
    22:04:57.063 AVAST engine scan C:\ProgramData
    22:05:06.259 Scan finished successfully
    22:05:34.650 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"
    22:05:34.653 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"
    Last edited by tashi; 2014-09-03 at 09:19. Reason: Merged two posts, helpers look for a zero response. :-)

  2. #2
    Security Expert- Visiting Fellow LiquidTension's Avatar
    Join Date
    May 2014
    Posts
    121

    Default

    Hello lambo, welcome to Spybot's Malware Removal forum!

    My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
    If you would allow me to call you by your first name I would prefer that.

    ======================================================

    Please read through the points below to ensure this process moves as quickly and efficiently as possible.
    • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
    • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
    • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
    • Please backup important documents before proceeding with my instructions.
    • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.


    ======================================================

    Are you the owner of this machine, or does it belong to a business/organisation?
    Last edited by LiquidTension; 2014-09-03 at 17:25.
    Member of UNITE, and graduate from WTT.

  3. #3
    Junior Member

    Hi Adam. You may call me Robin. I am indeed the owner of this machine. Thanks so much for your help.

  4. #4
    Security Expert- Visiting Fellow LiquidTension's Avatar

    Hi Robin,

    I do not see anything particularly concerning in your logs so far. The scan from aswMBR indicates an unknown MBR code; this either signifies an infected MBR or an Original Equipment Manufacturer (OEM) MBR. Yours is likely the latter (based on the contents of the FRST logs). We'll run an online scan to confirm this is the case.

    I would like to bring the following three points to your attention before we begin. The first concerns your Synology software/device(s). Ransomware that specifically targets this type of device was discovered last month. You can read about this type of ransomware here. From your logs so far, there is no indication you are infected with this malware (or any malware); I simply wish to provide this information for future reference.

    The second point concerns your use of P2P filesharing software. Please consider the following warning.

    P2P WARNING

    ------------------------------

    I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.


    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programmes, right-click and click Uninstall.
    • Let me know if you've decided to remove the programme.

    If you choose not to remove the programme(s), please refrain from using them during this process.

    And the third is in regards to your use of ComboFix.

    ComboFix Warning

    ------------------------------

    From your logs I can see you have run ComboFix, a powerful first-responder malware removal tool, designed to remove some of the toughest infections; including bootkits, rootkits and backdoors. As stated in the disclaimer, the tool should not be used by someone untrained in its usage. Doing so may cause unforeseen circumstances, and could render your machine unbootable. For more information on why you should not run ComboFix without supervision, please read the following article.

    As you have already run ComboFix, I would like to see the log generated. Please navigate to your root folder (usually C:\) and open ComboFix.txt. Copy the contents of the log and paste in your next reply.

    Let's check your MBR.

    VirusTotal Upload
    • Please go to VirusTotal.com.
    • Click Choose File and locate the following file:

      • C:\Users\Robin\Desktop\MBR.dat

    • Click Scan it!.
    • If you receive the following notification: File already analysed click Reanalyse.
    • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
    Member of UNITE, and graduate from WTT.
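
The "unknown MBR code" result discussed in the post above comes down to what is in the 512-byte sector that aswMBR saved as MBR.dat. The following is an added example, not part of the original thread or of aswMBR: it parses the partition table, hashes the bootstrap code so it can be compared with a baseline from a trusted machine of the same model, and flags layout anomalies. The sample sector is constructed from the partition values in the aswMBR log with zero filler for the code area; the function names and the baseline set are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 440       # bootstrap code occupies bytes 0..439
TABLE_OFFSET = 446   # four 16-byte partition entries, then 0x55AA at 510
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing; not a valid MBR")
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + 16 * index
        status, ptype = sector[offset], sector[offset + 4]
        first_lba, count = struct.unpack_from("<II", sector, offset + 8)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "number": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "first_lba": first_lba,
            "end_lba": first_lba + count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "disk_signature": "%08X" % struct.unpack_from("<I", sector, CODE_END)[0],
        "partitions": partitions,
    }


def layout_findings(mbr: dict) -> list:
    """Return partition-table anomalies as text (empty list when none)."""
    findings = []
    parts = sorted(mbr["partitions"], key=lambda p: p["first_lba"])
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['number']}: invalid status byte")
    for prev, cur in zip(parts, parts[1:]):
        if cur["first_lba"] < prev["end_lba"]:
            findings.append(f"partitions {prev['number']} and {cur['number']} overlap")
    return findings


def code_is_known(mbr: dict, known_good_hashes: set) -> bool:
    """True if the boot-code hash is in a baseline taken from trusted machines."""
    return mbr["code_sha256"] in known_good_hashes


def build_sample_mbr() -> bytes:
    """Constructed sample: layout from the aswMBR log, code area is zero filler."""
    sector = bytearray(SECTOR_SIZE)
    # Assumption: the "Disk ID" in the FRST log is the DWORD stored at offset 440.
    struct.pack_into("<I", sector, CODE_END, 0x0B17766B)
    layout = [(0x80, 2048, 3072000),          # 1500 MB, active
              (0x00, 3074048, 214609920),     # 104790 MB
              (0x00, 217683968, 32382976)]    # 15812 MB
    for i, (status, first_lba, count) in enumerate(layout):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i, status, 0x07, first_lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    mbr = parse_mbr(build_sample_mbr())
    print("disk signature", mbr["disk_signature"], "code sha256", mbr["code_sha256"])
    for p in mbr["partitions"]:
        print(f"Partition {p['number']} {p['status']:02X} {p['type']:02X} {p['size_mb']} MB offset {p['first_lba']}")
    print("findings:", layout_findings(mbr) or "none")
```

To check a real machine, pass the 512 bytes read from the saved MBR.dat to `parse_mbr` in place of the constructed sample. A hash that is absent from the baseline means only that the code is unrecognised, which is the same ambiguity aswMBR reports.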

  5. #5
    Junior Member

    Thank you very much for the information regarding those three issues. I called Synology about the Ransomware issue when it first popped up about a month ago. The service tech told me the ransomware was only infecting Synology NAS's with earlier versions of the Synology OS/firmware at that time. Anyway, I'm glad to hear you don't see any evidence that my NAS is infected. Regarding Combofix, I did run Combofix before I saw the instructions on this forum. I did not realize it was such a dangerous tool. In the future, I will know not to run Combofix or to restore Windows 7 to a previous restore point without expert guidance. I hope running Combofix did not cause any issues.

    I analyzed the MBR.dat file per your instructions. Here are the results: https://www.virustotal.com/en/file/a...is/1409798214/. Thanks so much for your help!

  6. #6
    Security Expert- Visiting Fellow LiquidTension's Avatar

    Hi Robin,

    "I hope running Combofix did not cause any issues."
    I don't think so. Please include C:\ComboFix.txt in your next reply.


    STEP 1
    Farbar Recovery Scan Tool (FRST) Script
    • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
    • Copy the entire contents of the codebox below and paste into the Notepad document (do not include the word "Quote").
      start
      2014-09-02 21:14 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
      2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
      2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
      2014-09-02 21:44 - 2014-08-02 18:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
      Folder: C:\Users\Hayley\AppData\Roaming\Leadertech
      CMD: ipconfig /flushdns
      CMD: netsh winsock reset all
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      CMD: bitsadmin /reset /allusers
      EmptyTemp:
      end
    • Click File, Save As and type fixlist.txt as the File Name.
    • Important: The file must be saved in the same location as FRST64.exe.

    NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
    • Right-Click FRST64.exe and select Run as administrator to run the programme.
    • Click Fix.
    • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


    STEP 2
    AdwCleaner
    • Please download AdwCleaner and save the file to your desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


    STEP 3
    Junkware Removal Tool (JRT)
    • Please download Junkware Removal Tool and save the file to your desktop.
    • Note: If you unchecked any items in AdwCleaner, please backup the associated files/folders prior to running JRT.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Right-Click JRT.exe and select Run as administrator to run the programme.
    • Follow the prompts and allow the scan to run uninterrupted.
    • Upon completion, a log (JRT.txt) will open on your desktop.
    • Re-enable your anti-virus software.
    • Copy the contents of JRT.txt and paste in your next reply.


    ======================================================

    STEP 4
    Logs
    In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
    • Fixlog.txt
    • AdwCleaner[S0].txt
    • JRT.txt
    • ComboFix.txt
    Member of UNITE, and graduate from WTT.

  7. #7
    Junior Member

    Contents of Fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
    Ran by Robin at 2014-09-04 16:42:25 Run:1
    Running from C:\Users\Robin\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    2014-09-02 21:14 - 2014-09-02 21:33 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
    2014-09-02 21:14 - 2014-09-02 21:14 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-09-02 21:12 - 2014-09-02 21:12 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Robin\Downloads\SpyHunter-Installer.exe
    2014-09-02 21:44 - 2014-08-02 18:04 - 00000000 ____D () C:\ProgramData\boost_interprocess
    Folder: C:\Users\Hayley\AppData\Roaming\Leadertech
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
    *****************

    C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP => Moved successfully.
    C:\Program Files\Enigma Software Group => Moved successfully.
    C:\Users\Robin\Downloads\SpyHunter-Installer.exe => Moved successfully.

    "C:\ProgramData\boost_interprocess" directory move:

    C:\ProgramData\boost_interprocess\20140902214414.109999\plex_frame_mutex => Moved successfully.
    Could not move "C:\ProgramData\boost_interprocess" directory. => Scheduled to move on reboot.


    ========================= Folder: C:\Users\Hayley\AppData\Roaming\Leadertech ========================

    2014-08-03 14:12 - 2014-08-03 14:12 - 0000000 ____D () C:\Users\Hayley\AppData\Roaming\Leadertech\PowerRegister
    2014-08-03 14:12 - 2014-09-03 07:12 - 0000239 _____ () C:\Users\Hayley\AppData\Roaming\Leadertech\PowerRegister\PowerReg.dat

    ====== End of Folder: ======


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========

    EmptyTemp: => Removed 583.6 MB temporary data.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-04 16:44:10)<=

    C:\ProgramData\boost_interprocess => Is moved successfully.

    ==== End of Fixlog ====

  8. #8
    Junior Member

    Contents of AdwCleaner Log:

    # AdwCleaner v3.309 - Report created 04/09/2014 at 16:56:54
    # Updated 02/09/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Robin - THINKCENTRE
    # Running from : C:\Users\Robin\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Windows\Util

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Google Chrome v37.0.2062.103

    [ File : C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [923 octets] - [04/09/2014 16:49:24]
    AdwCleaner[S0].txt - [847 octets] - [04/09/2014 16:56:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [906 octets] ##########

  9. #9
    Junior Member

    Contents of JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x64
    Ran by Robin on Thu 09/04/2014 at 17:03:04.16
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 09/04/2014 at 17:06:45.40
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Junior Member

    Unfortunately, I'm not able to find a combofix.txt file. I previously uninstalled combofix after running it. Is it possible the combofix log file was automatically deleted when I uninstalled combofix? Thanks!
