Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-08-2014 01
Ran by Weezie's (administrator) on WEEZIES-PC on 09-08-2014 08:31:42
Running from C:\Users\Weezie's\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Users\Weezie's\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-27] (Microsoft Corporation)
HKU\S-1-5-21-3740249346-3830371813-3802418496-1001\...\Run: [Amazon Music] => C:\Users\Weezie's\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-3740249346-3830371813-3802418496-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => C:\ProgramData\Fast And Safe\FastAndSafe_x64.dll [4302848 2014-07-19] ()
Startup: C:\Users\Weezie's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=M5BEAB29E-8C60-4F80-B475-D50796248267&SearchSource=58&CUI=&UM=6&UP=SP1B2D7B62-C78F-4860-9E71-B21ADAB01A8D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3323924&octid=EB_ORIGINAL_CTID&ISID=M5BEAB29E-8C60-4F80-B475-D50796248267&SearchSource=58&CUI=&UM=6&UP=SP1B2D7B62-C78F-4860-9E71-B21ADAB01A8D&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9-x64 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Winsock: Catalog9-x64 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll [434208] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR StartupUrls: "hxxp://msn.com/"
CHR Extension: (Video Bookmarks) - C:\Users\Weezie's\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpgpmmooejhfhojndincjeonokodggj [2014-08-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-24] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
U4 Avgdiska; system32\DRIVERS\avgdiska.sys [X]
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 08:31 - 2014-08-09 08:32 - 00013003 _____ () C:\Users\Weezie's\Desktop\FRST.txt
2014-08-09 08:30 - 2014-08-09 08:31 - 00000000 ____D () C:\FRST
2014-08-09 08:29 - 2014-08-09 08:29 - 02093568 _____ (Farbar) C:\Users\Weezie's\Desktop\FRST64.exe
2014-08-09 08:12 - 2014-08-09 08:12 - 00071724 _____ () C:\Users\Weezie's\Desktop\OTL.Txt
2014-08-09 08:09 - 2014-08-09 08:09 - 00065712 _____ () C:\Users\Weezie's\Downloads\Extras.Txt
2014-08-09 08:08 - 2014-08-09 08:08 - 00071724 _____ () C:\Users\Weezie's\Downloads\OTL.Txt
2014-08-09 08:01 - 2014-08-09 08:01 - 00602112 _____ (OldTimer Tools) C:\Users\Weezie's\Downloads\OTL.exe
2014-08-09 07:27 - 2014-08-09 07:27 - 00000000 ____D () C:\Windows\ERDNT
2014-08-09 07:25 - 2014-08-09 07:26 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-08-09 07:25 - 2014-08-09 07:25 - 00000932 _____ () C:\Users\Weezie's\Desktop\NTREGOPT.lnk
2014-08-09 07:25 - 2014-08-09 07:25 - 00000913 _____ () C:\Users\Weezie's\Desktop\ERUNT.lnk
2014-08-09 07:25 - 2014-08-09 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-08-09 07:06 - 2014-08-09 07:06 - 00000218 _____ () C:\Users\Weezie's\AppData\Local\recently-used.xbel
2014-08-04 18:33 - 2014-08-05 06:23 - 00000000 ____D () C:\ProgramData\dEalpeiak
2014-08-01 16:26 - 2014-08-01 16:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\Yahoo!
2014-08-01 16:26 - 2014-08-01 16:26 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-08-01 16:26 - 2014-08-01 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____D () C:\Windows\pss
2014-07-26 07:37 - 2014-07-29 18:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\Apple Computer
2014-07-26 07:37 - 2014-07-26 07:37 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Apple Computer
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Program Files\iTunes
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Program Files\iPod
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-26 07:37 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-26 07:36 - 2014-07-26 07:36 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\ProgramData\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-25 06:02 - 2014-07-25 06:02 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-07-24 18:27 - 2014-07-24 18:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\AVG
2014-07-24 18:27 - 2014-07-24 18:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\AVG
2014-07-24 18:21 - 2014-07-25 06:02 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-24 18:20 - 2014-07-25 05:57 - 00000000 ____D () C:\ProgramData\AVG
2014-07-24 18:03 - 2014-07-24 18:03 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\AVG2014
2014-07-24 18:02 - 2014-07-24 18:02 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-07-24 18:01 - 2014-07-26 07:07 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-07-24 17:59 - 2014-07-24 17:59 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\TuneUp Software
2014-07-24 17:58 - 2014-08-09 08:23 - 00000000 ___HD () C:\$AVG
2014-07-24 17:58 - 2014-08-09 08:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-24 17:57 - 2014-07-29 06:00 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-24 17:55 - 2014-08-09 08:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-24 17:55 - 2014-07-25 06:24 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Avg2014
2014-07-24 17:55 - 2014-07-24 17:55 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\MFAData
2014-07-24 06:04 - 2014-07-24 06:04 - 00000000 ____D () C:\Program Files (x86)\PrioShoppEr
2014-07-23 16:51 - 2014-07-23 16:51 - 00448512 _____ (OldTimer Tools) C:\Users\Weezie's\Desktop\TFC.exe
2014-07-19 20:57 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-07-19 20:57 - 2014-07-24 12:15 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-19 20:57 - 2014-07-19 20:57 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Packages
2014-07-19 20:17 - 2014-07-24 18:06 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-14 17:27 - 2014-08-04 10:05 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\HpUpdate
2014-07-14 17:27 - 2014-07-14 17:27 - 00003638 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series
2014-07-14 17:27 - 2014-07-14 17:27 - 00002276 _____ () C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
2014-07-14 17:27 - 2014-07-14 17:27 - 00001999 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\Visan
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-07-14 17:26 - 2014-07-14 17:27 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-14 17:26 - 2014-07-14 17:26 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-07-14 17:26 - 2014-07-14 17:26 - 00000000 ____D () C:\ProgramData\HP
2014-07-14 17:26 - 2014-07-14 17:26 - 00000000 ____D () C:\Program Files\HP
2014-07-14 17:25 - 2014-07-14 17:28 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\HP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 08:32 - 2014-08-09 08:31 - 00013003 _____ () C:\Users\Weezie's\Desktop\FRST.txt
2014-08-09 08:31 - 2014-08-09 08:30 - 00000000 ____D () C:\FRST
2014-08-09 08:30 - 2014-06-28 08:25 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 08:30 - 2014-06-28 08:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 08:29 - 2014-08-09 08:29 - 02093568 _____ (Farbar) C:\Users\Weezie's\Desktop\FRST64.exe
2014-08-09 08:27 - 2014-07-24 17:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-09 08:23 - 2014-07-24 17:58 - 00000000 ___HD () C:\$AVG
2014-08-09 08:23 - 2014-07-24 17:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-09 08:12 - 2014-08-09 08:12 - 00071724 _____ () C:\Users\Weezie's\Desktop\OTL.Txt
2014-08-09 08:09 - 2014-08-09 08:09 - 00065712 _____ () C:\Users\Weezie's\Downloads\Extras.Txt
2014-08-09 08:08 - 2014-08-09 08:08 - 00071724 _____ () C:\Users\Weezie's\Downloads\OTL.Txt
2014-08-09 08:01 - 2014-08-09 08:01 - 00602112 _____ (OldTimer Tools) C:\Users\Weezie's\Downloads\OTL.exe
2014-08-09 07:54 - 2014-07-01 18:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 07:27 - 2014-08-09 07:27 - 00000000 ____D () C:\Windows\ERDNT
2014-08-09 07:26 - 2014-08-09 07:25 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-08-09 07:25 - 2014-08-09 07:25 - 00000932 _____ () C:\Users\Weezie's\Desktop\NTREGOPT.lnk
2014-08-09 07:25 - 2014-08-09 07:25 - 00000913 _____ () C:\Users\Weezie's\Desktop\ERUNT.lnk
2014-08-09 07:25 - 2014-08-09 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-08-09 07:06 - 2014-08-09 07:06 - 00000218 _____ () C:\Users\Weezie's\AppData\Local\recently-used.xbel
2014-08-09 06:52 - 2014-06-24 19:59 - 01341582 _____ () C:\Windows\WindowsUpdate.log
2014-08-09 06:51 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 06:51 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 06:21 - 2014-06-24 21:28 - 00000000 ____D () C:\ProgramData\clear.fi
2014-08-07 06:20 - 2014-06-24 20:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-07 06:20 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 06:20 - 2009-07-13 21:51 - 00068773 _____ () C:\Windows\setupact.log
2014-08-05 17:46 - 2014-07-09 18:20 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\vlc
2014-08-05 06:23 - 2014-08-04 18:33 - 00000000 ____D () C:\ProgramData\dEalpeiak
2014-08-04 18:33 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\64ba89ba46506d37
2014-08-04 10:05 - 2014-07-14 17:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\HpUpdate
2014-08-01 16:27 - 2014-08-01 16:26 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\Yahoo!
2014-08-01 16:26 - 2014-08-01 16:26 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-08-01 16:26 - 2014-08-01 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-08-01 16:26 - 2014-07-01 18:42 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-08-01 16:26 - 2014-06-28 02:17 - 00001087 _____ () C:\Windows\wininit.ini
2014-07-31 02:59 - 2010-08-30 18:12 - 00023566 _____ () C:\Windows\PFRO.log
2014-07-29 18:27 - 2014-07-26 07:37 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\Apple Computer
2014-07-29 07:47 - 2014-06-28 02:17 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\BitLord
2014-07-29 06:00 - 2014-07-24 17:57 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-28 16:17 - 2014-07-28 16:17 - 00000000 ____D () C:\Windows\pss
2014-07-26 08:48 - 2009-07-13 22:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-26 07:37 - 2014-07-26 07:37 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Apple Computer
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Program Files\iTunes
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Program Files\iPod
2014-07-26 07:37 - 2014-07-26 07:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-26 07:36 - 2014-07-26 07:36 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\ProgramData\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-26 07:35 - 2014-07-26 07:35 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-26 07:07 - 2014-07-24 18:01 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-07-25 06:50 - 2014-06-28 08:25 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-25 06:50 - 2014-06-28 08:25 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-25 06:24 - 2014-07-24 17:55 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Avg2014
2014-07-25 06:11 - 2014-06-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-07-25 06:02 - 2014-07-25 06:02 - 00003676 _____ () C:\Windows\System32\Tasks\HP online update program
2014-07-25 06:02 - 2014-07-24 18:21 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-07-25 05:57 - 2014-07-24 18:20 - 00000000 ____D () C:\ProgramData\AVG
2014-07-24 18:35 - 2014-06-24 21:11 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\VirtualStore
2014-07-24 18:27 - 2014-07-24 18:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\AVG
2014-07-24 18:27 - 2014-07-24 18:27 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\AVG
2014-07-24 18:06 - 2014-07-19 20:17 - 00000000 ____D () C:\ProgramData\Fast And Safe
2014-07-24 18:03 - 2014-07-24 18:03 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\AVG2014
2014-07-24 18:02 - 2014-07-24 18:02 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-07-24 17:59 - 2014-07-24 17:59 - 00000000 ____D () C:\Users\Weezie's\AppData\Roaming\TuneUp Software
2014-07-24 17:55 - 2014-07-24 17:55 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\MFAData
2014-07-24 12:15 - 2014-07-19 20:57 - 00000000 ____D () C:\ProgramData\PrioShoppEr
2014-07-24 12:15 - 2014-06-25 19:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 12:15 - 2014-06-25 19:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 06:45 - 2014-06-28 02:15 - 00000000 ____D () C:\Program Files\PeerBlock
2014-07-24 06:04 - 2014-07-24 06:04 - 00000000 ____D () C:\Program Files (x86)\PrioShoppEr
2014-07-24 03:01 - 2014-06-25 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 16:51 - 2014-07-23 16:51 - 00448512 _____ (OldTimer Tools) C:\Users\Weezie's\Desktop\TFC.exe
2014-07-19 20:57 - 2014-07-19 20:57 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\Packages
2014-07-19 20:17 - 2014-06-28 12:37 - 00000000 ____D () C:\ProgramData\374311380
2014-07-17 12:33 - 2014-06-28 08:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-14 17:28 - 2014-07-14 17:25 - 00000000 ____D () C:\Users\Weezie's\AppData\Local\HP
2014-07-14 17:27 - 2014-07-14 17:27 - 00003638 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series
2014-07-14 17:27 - 2014-07-14 17:27 - 00002276 _____ () C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
2014-07-14 17:27 - 2014-07-14 17:27 - 00001999 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\Visan
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-07-14 17:27 - 2014-07-14 17:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-07-14 17:27 - 2014-07-14 17:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-07-14 17:26 - 2014-07-14 17:26 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-07-14 17:26 - 2014-07-14 17:26 - 00000000 ____D () C:\ProgramData\HP
2014-07-14 17:26 - 2014-07-14 17:26 - 00000000 ____D () C:\Program Files\HP
2014-07-10 04:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 04:06 - 2009-07-13 22:08 - 00000000 ____D () C:\Users\Administrator
2014-07-10 03:21 - 2009-07-13 21:45 - 00274320 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:19 - 2009-07-14 00:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:03 - 2014-06-26 06:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2014-06-26 06:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 08:26

==================== End Of Log ============================