Possible Malware Infection [Solved]

HP printer HP computer

  • This topic is locked

#46
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

The MSE program installed and updated itself.

That's good news. :) At least you have an antivirus program on the computer now. I think we will leave well enough alone and not try to remove the remnants of the Comcast Constant Guard program since MSE was able to install.

Try to make a restore point now.

Also, tell me again what issues you are having with IE.


  • 0

#47
ridethewave

    Member

  • Topic Starter
  • 154 posts

The restore point was successful.

The only issue we had with IE 11 was that I was unable to cut and paste. You asked me to try another browser, so I chose Firefox. After I installed Firefox, I was able to cut and paste the logs to the forum. But the original problem that got me to this point was that my printer would not scan to the computer. I tried to uninstall it and reinstall but I was unable to do that. I contacted HP, and through "remote access" and after three techs, they only made things worse.


Edited by ridethewave, 03 July 2014 - 05:55 PM.

  • 0

#48
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

More good news about system restore creating a restore point. It looks like the residual Constant Guard entries that the FRST fix killed were responsible for the issues with system restore and installing another antivirus program.

I'm still researching the HP scanning issue. There are some drivers that the FRST scan shows as loaded but the files are missing. That's probably due to the uninstallation. Let's clear the IE cookies and cache and see if that resolves the issue with IE. And I want a fresh FRST scan so I can see if anything else remains.

Clear IE Cache and Browsing History

  • Open the IE browser.
  • Click the down arrow next to Safety on the right side of the Menu bar and click Delete browsing history...

    OR, if your IE has the cog icon on the Menu bar, click it then highlight Safety and click Delete browsing history...

    The Delete Browsing History page will open.
  • Make sure the boxes beside the following are checked:
    • Temporary Internet Files
    • Cookies
    • Cache
  • Remove the check marks from any other boxes unless you want them cleared also.
  • Click the Delete button.

FRST Scan
Close all open Windows and browsers

  • Right click the FRST64.exe file and click Run as Administrator to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. There won't be an Additions.txt file produced this time.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you can copy and paste in the forum using IE now.

2. The new FRST.txt log


  • 0
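
An added example, not part of the post above and not FRST's own code: a short Python triage of the Services and Drivers sections of an FRST.txt log that lists entries whose file is missing (`[X]`), not signed, or without a company name. The sample lines are copied from the log posted in this thread; the function and class names are hypothetical.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the Services/Drivers sections of the
# FRST.txt log posted in this thread.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) =================

S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-09] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]

==================== NetSvcs (Whitelisted) ===================
"""

HEADER_RE = re.compile(r"^=+ (.+?) =+$")
# "<state><start type> <name>; <rest>": state R = running, S = stopped,
# U = undetermined; the digit is the Windows service start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.+)$")
# "<path> [<size> <date>] (<company>)" with an optional signature marker.
DETAIL_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*?)\)(?P<unsigned> \[File not signed\])?$"
)


class Entry(NamedTuple):
    section: str
    name: str
    state: str
    start: int
    path: str
    company: str
    missing: bool
    unsigned: bool


def parse_entries(log_text):
    """Yield one Entry per line of the Services and Drivers sections."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            word = header.group(1).split()[0]
            section = word if word in ("Services", "Drivers") else None
            continue
        entry = ENTRY_RE.match(line) if section else None
        if not entry:
            continue
        rest = entry["rest"]
        missing = rest.endswith(" [X]")  # FRST could not find the file
        detail = None if missing else DETAIL_RE.match(rest)
        if missing:
            path, company, unsigned = rest[:-4], "", False
        elif detail:
            path = detail["path"]
            company = detail["company"].strip()
            unsigned = bool(detail["unsigned"])
        else:  # unexpected layout: keep the raw text as the path
            path, company, unsigned = rest, "", False
        if path.startswith("\\??\\"):  # drop the NT object-namespace prefix
            path = path[4:]
        yield Entry(section, entry["name"], entry["state"],
                    int(entry["start"]), path, company, missing, unsigned)


def triage(log_text):
    """Return (section, name, reasons) for entries that merit a closer look."""
    findings = []
    for e in parse_entries(log_text):
        reasons = []
        if e.missing:
            reasons.append("file missing")
            if e.start <= 2:  # boot, system or automatic start
                reasons.append("still set to load at startup")
        else:
            if e.unsigned:
                reasons.append("not signed")
            if not e.company:
                reasons.append("no company name")
        if reasons:
            findings.append((e.section, e.name, reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section:8} {name:12} {', '.join(reasons)}")
```

A missing-file entry is typically a registration left behind by an uninstall, which is the reading given in the post above; the flags only narrow down which lines to review by hand.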

#49
ridethewave

    Member

  • Topic Starter
  • 154 posts

I can now copy and paste to the forum.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
Ran by Chris (administrator) on CHRIS-HP on 04-07-2014 18:50:25
Running from C:\Users\Chris\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-1450463833-1716714491-3263300153-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-03] (Google Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...TF-8&gws_rd=ssl
SearchScopes: HKLM - {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
SearchScopes: HKCU - {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\w24xywz3.default
FF Homepage: https://www.google.c...TF-8&gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alehnfoacogmaadlhenakdcfoinpnhhk [2013-04-05]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alenfoeghpdhdbpobdeeeekbhjnheijk [2013-04-05]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-11]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-11]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-11]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-11]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\goncfglpmcnoeehekalaobbmkcfogfko [2013-03-23]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-19]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihembdpglninjghlloneejbhjcomaob [2013-03-23]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-11]
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Chris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Chris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-07]

==================== Services (Whitelisted) =================

S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-09] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-04 18:48 - 2014-07-04 18:48 - 00000000 ____D () C:\Users\Chris\Desktop\FRST-OlderVersion
2014-07-03 15:20 - 2014-07-04 18:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 15:20 - 2014-07-03 15:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 15:20 - 2014-07-03 15:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-03 15:20 - 2014-07-03 15:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-03 15:20 - 2014-07-03 15:20 - 00000000 ____D () C:\ProgramData\Google
2014-07-03 09:36 - 2014-07-03 09:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-03 09:36 - 2014-07-03 09:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-03 09:36 - 2014-07-03 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-03 09:35 - 2014-07-03 09:35 - 13829304 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\MSEInstall1.exe
2014-07-03 09:34 - 2014-07-03 09:34 - 00632136 _____ () C:\Users\Chris\Downloads\microsoft security essentials setup.exe
2014-07-01 20:08 - 2014-07-01 20:08 - 00061888 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-07-01 20:07 - 2014-07-04 18:50 - 00017748 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-07-01 20:07 - 2014-07-04 18:50 - 00000000 ____D () C:\FRST
2014-07-01 20:04 - 2014-07-04 18:48 - 02084352 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-06-29 11:27 - 2014-06-29 11:27 - 00001779 _____ () C:\Users\Chris\Desktop\aswMBR2.txt
2014-06-29 05:59 - 2014-06-29 05:59 - 00076616 _____ () C:\Users\Chris\Desktop\OTL2.Txt
2014-06-29 05:51 - 2014-06-29 05:51 - 00002358 _____ () C:\Users\Chris\Desktop\FSS.txt
2014-06-29 05:49 - 2014-06-29 05:49 - 00001779 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-06-29 05:49 - 2014-06-29 05:49 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-06-29 05:43 - 2014-06-29 05:43 - 00415744 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2014-06-29 05:41 - 2014-06-29 05:41 - 05185536 _____ (AVAST Software) C:\Users\Chris\Desktop\aswmbr.exe
2014-06-28 12:49 - 2014-06-28 12:49 - 00010072 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-06-28 12:45 - 2014-06-28 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-28 08:44 - 2014-06-28 08:44 - 00007896 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt
2014-06-28 08:29 - 2014-06-28 08:29 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-06-28 08:20 - 2014-06-28 08:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\mseinstall.exe
2014-06-27 19:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 19:51 - 2014-06-28 08:34 - 00000000 ____D () C:\AdwCleaner
2014-06-27 19:50 - 2014-06-27 19:50 - 01342659 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-06-27 19:22 - 2014-06-27 19:22 - 00984576 _____ () C:\Users\Chris\Downloads\MicrosoftFixit50906.msi
2014-06-27 13:01 - 2014-06-27 13:01 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-06-27 13:00 - 2014-06-27 13:00 - 04057608 _____ () C:\Users\Chris\Downloads\tweaking.com_registry_backup_setup.exe
2014-06-27 09:49 - 2014-06-29 05:57 - 00076616 _____ () C:\Users\Chris\Desktop\OTL.Txt
2014-06-26 17:33 - 2014-06-26 17:33 - 00046004 _____ () C:\Users\Chris\Desktop\06262014_171524.log
2014-06-26 17:07 - 2014-06-26 17:07 - 00869456 _____ () C:\Users\Chris\Downloads\Norton_Removal_Tool.exe
2014-06-26 15:21 - 2014-06-26 15:21 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-26 15:21 - 2014-06-26 15:21 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-26 15:21 - 2014-06-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-26 15:21 - 2014-06-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-25 20:18 - 2014-06-25 20:18 - 00000000 ____D () C:\_OTL
2014-06-24 14:27 - 2014-06-24 14:27 - 00602112 _____ (OldTimer Tools) C:\Users\Chris\Desktop\OTL.exe
2014-06-22 20:41 - 2014-06-22 21:17 - 00000530 _____ () C:\Windows\DtcInstall.log
2014-06-22 10:46 - 2014-07-03 09:37 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-06-22 10:43 - 2014-06-22 10:43 - 00164096 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 19:18 - 2014-06-21 20:02 - 00000000 ____D () C:\Program Files\Speccy
2014-06-21 19:18 - 2014-06-21 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-06-21 05:37 - 2014-07-04 18:29 - 00005846 _____ () C:\Windows\setupact.log
2014-06-21 05:37 - 2014-06-21 05:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-21 05:36 - 2014-07-04 05:23 - 00811212 _____ () C:\Windows\PFRO.log
2014-06-21 05:36 - 2014-06-21 05:37 - 00550784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-20 14:19 - 2014-06-20 14:35 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-06-19 06:01 - 2014-06-19 06:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 15:45 - 2014-06-18 15:45 - 00002165 _____ () C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-18 13:23 - 2014-06-18 16:06 - 00002010 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-06-14 18:22 - 2014-07-04 14:58 - 01375101 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 18:13 - 2014-06-14 18:13 - 00010230 _____ () C:\Users\Chris\Documents\cc_20140614_181314.reg
2014-06-14 17:11 - 2014-06-27 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-06-14 15:53 - 2014-06-18 13:27 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-06-14 15:53 - 2014-06-18 13:27 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-14 15:53 - 2014-06-14 16:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-06-14 15:52 - 2014-06-14 17:25 - 00164096 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-14 15:52 - 2014-06-14 15:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HP
2014-06-14 15:42 - 2014-06-14 15:43 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F8EADB24-C07A-4B41-A272-50B9A7174CE0}
2014-06-14 15:42 - 2014-06-14 15:42 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-14 15:42 - 2014-06-14 15:42 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 ____D () C:\Users\Administrator
2014-06-14 15:42 - 2012-07-08 14:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-06-14 15:42 - 2012-04-09 18:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Hewlett-Packard
2014-06-14 15:42 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-14 15:42 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-14 08:37 - 2014-06-26 17:33 - 00000000 ____D () C:\Users\Chris\Desktop\FixPrinterProblems
2014-06-14 08:36 - 2014-07-04 11:12 - 00000000 ____D () C:\Users\Chris\Desktop\Stuff
2014-06-14 05:54 - 2014-06-14 05:54 - 00010868 _____ () C:\Users\Chris\Documents\cc_20140614_055402.reg
2014-06-13 16:53 - 2014-06-13 16:53 - 00176992 _____ () C:\Users\Chris\Documents\cc_20140613_165328.reg
2014-06-13 13:44 - 2014-06-13 13:44 - 00802526 _____ () C:\Users\Chris\Documents\cc_20140613_134417.reg
2014-06-12 17:27 - 2014-06-12 17:27 - 00000000 ____D () C:\Windows\system32\x64
2014-06-11 15:08 - 2013-11-13 20:41 - 00439296 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-06-11 15:07 - 2014-06-11 15:07 - 00000000 ____D () C:\Users\Chris\Documents\DVDVideoSoft
2014-06-11 14:55 - 2014-06-11 15:12 - 00000000 ____D () C:\Users\Chris\Desktop\Trista
2014-06-10 19:31 - 2014-06-10 19:31 - 00000000 ____D () C:\Windows\system\x64
2014-06-10 15:05 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 15:05 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 15:05 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 15:05 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 15:05 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 15:05 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 15:05 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 15:05 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 15:05 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 15:05 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 15:05 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 15:05 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 15:05 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 15:05 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 15:05 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 15:05 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 15:05 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 15:05 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 15:05 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 15:05 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 15:05 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 15:05 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 15:05 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 15:05 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 15:05 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 15:05 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 15:05 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 15:05 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 15:05 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 15:05 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 15:05 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 15:05 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 15:05 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 15:05 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 15:05 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 15:05 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 15:05 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 15:05 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 15:05 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 15:05 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 15:05 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 15:05 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 15:05 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 15:05 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 15:05 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 15:05 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 15:05 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 15:05 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 15:05 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 15:05 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 15:05 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 15:05 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 15:05 - 2014-05-08 02:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-10 15:05 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-10 15:05 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 15:05 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 15:05 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 15:05 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 15:05 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 15:05 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 15:05 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 15:05 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 15:05 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 15:05 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 15:05 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 15:05 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 15:03 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 15:03 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 18:43 - 2014-06-09 18:43 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CHRIS-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-06-09 18:22 - 2014-06-09 18:22 - 00000000 ____D () C:\RegBackup
2014-06-09 16:15 - 2014-06-09 16:15 - 00002853 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2014-06-09 16:15 - 2014-06-09 16:15 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2014-06-09 15:58 - 2014-06-09 15:58 - 00003114 _____ () C:\Windows\System32\Tasks\{7D73A77F-DAEA-4CD3-969D-587189C20EFD}
2014-06-09 15:57 - 2014-06-27 13:01 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-06-09 15:55 - 2014-06-09 15:55 - 00003122 _____ () C:\Windows\System32\Tasks\{1B7F1A52-435A-4BD2-874A-05BAC60F7957}
2014-06-09 15:50 - 2014-06-09 15:50 - 00003258 _____ () C:\Windows\System32\Tasks\{694C7399-C982-4166-A429-2C3322D5744B}
2014-06-08 20:46 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5C12.dll
2014-06-08 17:22 - 2014-06-08 17:22 - 00003202 _____ () C:\Windows\System32\Tasks\{2E39FA7E-8890-4146-A625-607D0835C39D}
2014-06-08 16:15 - 2014-06-08 16:15 - 00003284 _____ () C:\Windows\System32\Tasks\{1E74F0C9-1847-4752-98F5-3B5F27DF74B8}
2014-06-08 16:03 - 2014-06-11 21:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-07 17:06 - 2014-06-07 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-06 11:27 - 2014-06-06 11:27 - 00015456 _____ () C:\Users\Chris\Documents\cc_20140606_112706.reg
2014-06-05 13:50 - 2014-06-20 20:34 - 00002968 _____ () C:\Windows\System32\Tasks\{97432810-5311-4EE6-96E1-86641E7E32F7}
2014-06-04 21:59 - 2014-06-04 21:59 - 00003248 _____ () C:\Windows\System32\Tasks\{09531749-24A0-43E1-A648-F533BE0B5654}
2014-06-04 21:55 - 2014-06-04 21:55 - 03201610 _____ (Igor Pavlov) C:\Users\Chris\Downloads\PC_BHSCamSetupTool_Setup_1.0.14.alpha (2)(1).exe
2014-06-04 21:50 - 2014-06-04 21:57 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrickHouse
2014-06-04 21:50 - 2014-06-04 21:50 - 00000000 ____D () C:\Program Files (x86)\BrickHouse
2014-06-04 21:49 - 2014-06-04 21:49 - 03201610 _____ (Igor Pavlov) C:\Users\Chris\Downloads\PC_BHSCamSetupTool_Setup_1.0.14.alpha (2).exe

==================== One Month Modified Files and Folders =======

2014-07-04 18:51 - 2014-07-01 20:07 - 00017748 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-07-04 18:50 - 2014-07-01 20:07 - 00000000 ____D () C:\FRST
2014-07-04 18:48 - 2014-07-04 18:48 - 00000000 ____D () C:\Users\Chris\Desktop\FRST-OlderVersion
2014-07-04 18:48 - 2014-07-01 20:04 - 02084352 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2014-07-04 18:34 - 2014-07-03 15:20 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 18:34 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 18:34 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 18:33 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 18:32 - 2014-06-14 18:22 - 01375101 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 18:29 - 2014-06-21 05:37 - 00005846 _____ () C:\Windows\setupact.log
2014-07-04 18:29 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 11:43 - 2012-06-24 12:20 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\U3
2014-07-04 11:12 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\Chris\Desktop\Stuff
2014-07-04 05:23 - 2014-06-21 05:36 - 00811212 _____ () C:\Windows\PFRO.log
2014-07-03 20:13 - 2013-03-15 09:15 - 00000000 ____D () C:\Users\Chris\Documents\Life's Lessons
2014-07-03 19:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-03 15:21 - 2014-07-03 15:20 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 15:20 - 2014-07-03 15:20 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-03 15:20 - 2014-07-03 15:20 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-03 15:20 - 2014-07-03 15:20 - 00000000 ____D () C:\ProgramData\Google
2014-07-03 15:20 - 2012-06-08 06:30 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-07-03 15:20 - 2012-06-08 06:30 - 00000000 ____D () C:\Program Files\Google
2014-07-03 15:20 - 2012-06-08 06:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-03 15:20 - 2012-06-08 06:29 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
2014-07-03 09:37 - 2014-06-22 10:46 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-07-03 09:36 - 2014-07-03 09:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-07-03 09:36 - 2014-07-03 09:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-07-03 09:36 - 2014-07-03 09:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-07-03 09:35 - 2014-07-03 09:35 - 13829304 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\MSEInstall1.exe
2014-07-03 09:34 - 2014-07-03 09:34 - 00632136 _____ () C:\Users\Chris\Downloads\microsoft security essentials setup.exe
2014-07-01 20:08 - 2014-07-01 20:08 - 00061888 _____ () C:\Users\Chris\Desktop\Addition.txt
2014-06-29 11:27 - 2014-06-29 11:27 - 00001779 _____ () C:\Users\Chris\Desktop\aswMBR2.txt
2014-06-29 05:59 - 2014-06-29 05:59 - 00076616 _____ () C:\Users\Chris\Desktop\OTL2.Txt
2014-06-29 05:57 - 2014-06-27 09:49 - 00076616 _____ () C:\Users\Chris\Desktop\OTL.Txt
2014-06-29 05:51 - 2014-06-29 05:51 - 00002358 _____ () C:\Users\Chris\Desktop\FSS.txt
2014-06-29 05:49 - 2014-06-29 05:49 - 00001779 _____ () C:\Users\Chris\Desktop\aswMBR.txt
2014-06-29 05:49 - 2014-06-29 05:49 - 00000512 _____ () C:\Users\Chris\Desktop\MBR.dat
2014-06-29 05:43 - 2014-06-29 05:43 - 00415744 _____ (Farbar) C:\Users\Chris\Desktop\FSS.exe
2014-06-29 05:42 - 2012-06-05 16:21 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\HpUpdate
2014-06-29 05:41 - 2014-06-29 05:41 - 05185536 _____ (AVAST Software) C:\Users\Chris\Desktop\aswmbr.exe
2014-06-28 12:49 - 2014-06-28 12:49 - 00010072 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-06-28 12:45 - 2014-06-28 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-28 08:44 - 2014-06-28 08:44 - 00007896 _____ () C:\Users\Chris\Desktop\AdwCleaner[S0].txt
2014-06-28 08:34 - 2014-06-27 19:51 - 00000000 ____D () C:\AdwCleaner
2014-06-28 08:29 - 2014-06-28 08:29 - 01016261 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-06-28 08:20 - 2014-06-28 08:20 - 13829304 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\mseinstall.exe
2014-06-27 19:50 - 2014-06-27 19:50 - 01342659 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-06-27 19:22 - 2014-06-27 19:22 - 00984576 _____ () C:\Users\Chris\Downloads\MicrosoftFixit50906.msi
2014-06-27 13:01 - 2014-06-27 13:01 - 00002241 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-06-27 13:01 - 2014-06-14 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-06-27 13:01 - 2014-06-09 15:57 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-06-27 13:00 - 2014-06-27 13:00 - 04057608 _____ () C:\Users\Chris\Downloads\tweaking.com_registry_backup_setup.exe
2014-06-26 17:33 - 2014-06-26 17:33 - 00046004 _____ () C:\Users\Chris\Desktop\06262014_171524.log
2014-06-26 17:33 - 2014-06-14 08:37 - 00000000 ____D () C:\Users\Chris\Desktop\FixPrinterProblems
2014-06-26 17:07 - 2014-06-26 17:07 - 00869456 _____ () C:\Users\Chris\Downloads\Norton_Removal_Tool.exe
2014-06-26 15:21 - 2014-06-26 15:21 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-26 15:21 - 2014-06-26 15:21 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-26 15:21 - 2014-06-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-26 15:21 - 2014-06-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-26 15:21 - 2012-06-28 05:29 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla
2014-06-25 20:18 - 2014-06-25 20:18 - 00000000 ____D () C:\_OTL
2014-06-25 09:55 - 2012-06-25 14:54 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-06-24 14:27 - 2014-06-24 14:27 - 00602112 _____ (OldTimer Tools) C:\Users\Chris\Desktop\OTL.exe
2014-06-22 21:17 - 2014-06-22 20:41 - 00000530 _____ () C:\Windows\DtcInstall.log
2014-06-22 20:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-06-22 13:57 - 2013-10-25 19:34 - 00000000 ____D () C:\Users\Chris\Documents\resignation letter
2014-06-22 11:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-06-22 10:43 - 2014-06-22 10:43 - 00164096 _____ () C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 20:02 - 2014-06-21 19:18 - 00000000 ____D () C:\Program Files\Speccy
2014-06-21 19:18 - 2014-06-21 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-06-21 05:37 - 2014-06-21 05:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-21 05:37 - 2014-06-21 05:36 - 00550784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-20 20:35 - 2014-05-26 13:38 - 00002968 _____ () C:\Windows\System32\Tasks\{B3C0DD34-795F-4777-AD0F-440607107F00}
2014-06-20 20:34 - 2014-06-05 13:50 - 00002968 _____ () C:\Windows\System32\Tasks\{97432810-5311-4EE6-96E1-86641E7E32F7}
2014-06-20 16:00 - 2012-09-06 20:18 - 00000000 ____D () C:\Users\Chris\Documents\CCW
2014-06-20 14:35 - 2014-06-20 14:19 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-06-20 14:19 - 2009-07-13 22:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-19 06:01 - 2014-06-19 06:01 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 16:06 - 2014-06-18 13:23 - 00002010 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-06-18 16:00 - 2009-07-13 19:34 - 00000549 _____ () C:\Windows\win.ini
2014-06-18 15:58 - 2011-02-11 10:15 - 00782470 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-18 15:45 - 2014-06-18 15:45 - 00002165 _____ () C:\Users\Chris\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-06-18 13:27 - 2014-06-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-18 13:27 - 2014-06-14 15:53 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-06-18 13:27 - 2014-06-14 15:53 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-06-14 18:13 - 2014-06-14 18:13 - 00010230 _____ () C:\Users\Chris\Documents\cc_20140614_181314.reg
2014-06-14 17:25 - 2014-06-14 15:52 - 00164096 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-14 16:57 - 2009-07-13 19:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_137
2014-06-14 16:01 - 2014-06-14 15:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HpUpdate
2014-06-14 15:52 - 2014-06-14 15:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\HP
2014-06-14 15:43 - 2014-06-14 15:42 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F8EADB24-C07A-4B41-A272-50B9A7174CE0}
2014-06-14 15:42 - 2014-06-14 15:42 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-14 15:42 - 2014-06-14 15:42 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-06-14 15:42 - 2014-06-14 15:42 - 00000000 ____D () C:\Users\Administrator
2014-06-14 15:42 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-06-14 14:44 - 2009-07-13 19:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_681
2014-06-14 05:54 - 2014-06-14 05:54 - 00010868 _____ () C:\Users\Chris\Documents\cc_20140614_055402.reg
2014-06-13 21:44 - 2014-01-11 20:14 - 00676910 _____ () C:\Users\Chris\Desktop\BusinessCardREI_edited-4.psd
2014-06-13 18:46 - 2009-07-13 19:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_269
2014-06-13 16:53 - 2014-06-13 16:53 - 00176992 _____ () C:\Users\Chris\Documents\cc_20140613_165328.reg
2014-06-13 13:44 - 2014-06-13 13:44 - 00802526 _____ () C:\Users\Chris\Documents\cc_20140613_134417.reg
2014-06-12 21:14 - 2013-06-29 06:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 17:27 - 2014-06-12 17:27 - 00000000 ____D () C:\Windows\system32\x64
2014-06-11 22:37 - 2012-06-27 07:11 - 00035450 _____ () C:\ProgramData\hpzinstall.log
2014-06-11 21:56 - 2012-06-04 12:27 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E4A1004B-B699-446C-81E9-7B1306D4AF56}
2014-06-11 21:51 - 2014-06-08 16:03 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-11 21:48 - 2012-06-28 06:36 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-06-11 16:39 - 2012-06-04 12:20 - 00000000 ____D () C:\Users\Chris
2014-06-11 15:12 - 2014-06-11 14:55 - 00000000 ____D () C:\Users\Chris\Desktop\Trista
2014-06-11 15:07 - 2014-06-11 15:07 - 00000000 ____D () C:\Users\Chris\Documents\DVDVideoSoft
2014-06-10 21:06 - 2009-07-13 19:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_278
2014-06-10 20:29 - 2009-07-13 19:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_91
2014-06-10 20:00 - 2011-09-20 19:37 - 00028640 _____ (Uwe Sieber - www.uwe-sieber.de) C:\Windows\system32\DriveCleanup.exe
2014-06-10 19:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system
2014-06-10 19:31 - 2014-06-10 19:31 - 00000000 ____D () C:\Windows\system\x64
2014-06-10 19:14 - 2013-08-14 07:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-10 19:13 - 2012-06-04 21:51 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 15:36 - 2012-06-28 06:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 15:35 - 2014-05-07 09:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 19:02 - 2009-07-13 19:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_498
2014-06-09 18:43 - 2014-06-09 18:43 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-CHRIS-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-06-09 18:22 - 2014-06-09 18:22 - 00000000 ____D () C:\RegBackup
2014-06-09 17:28 - 2012-04-09 18:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-06-09 17:28 - 2012-04-09 18:17 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-06-09 17:26 - 2012-06-04 12:27 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Hewlett-Packard
2014-06-09 16:15 - 2014-06-09 16:15 - 00002853 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2014-06-09 16:15 - 2014-06-09 16:15 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2014-06-09 15:58 - 2014-06-09 15:58 - 00003114 _____ () C:\Windows\System32\Tasks\{7D73A77F-DAEA-4CD3-969D-587189C20EFD}
2014-06-09 15:55 - 2014-06-09 15:55 - 00003122 _____ () C:\Windows\System32\Tasks\{1B7F1A52-435A-4BD2-874A-05BAC60F7957}
2014-06-09 15:50 - 2014-06-09 15:50 - 00003258 _____ () C:\Windows\System32\Tasks\{694C7399-C982-4166-A429-2C3322D5744B}
2014-06-09 13:59 - 2012-04-09 18:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-09 13:56 - 2012-04-09 18:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-06-09 13:46 - 2012-06-07 06:50 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\WildTangent
2014-06-09 13:46 - 2012-04-09 18:26 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-09 13:46 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-09 13:41 - 2012-06-04 13:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-06-08 20:43 - 2012-06-27 07:03 - 00000000 ____D () C:\ProgramData\HP
2014-06-08 20:10 - 2012-06-22 05:56 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-06-08 17:22 - 2014-06-08 17:22 - 00003202 _____ () C:\Windows\System32\Tasks\{2E39FA7E-8890-4146-A625-607D0835C39D}
2014-06-08 16:15 - 2014-06-08 16:15 - 00003284 _____ () C:\Windows\System32\Tasks\{1E74F0C9-1847-4752-98F5-3B5F27DF74B8}
2014-06-08 02:13 - 2014-06-10 15:03 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 02:08 - 2014-06-10 15:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 17:06 - 2014-06-07 17:06 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\Program Files\iTunes
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\Program Files\iPod
2014-06-07 17:06 - 2014-06-07 17:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-06 11:27 - 2014-06-06 11:27 - 00015456 _____ () C:\Users\Chris\Documents\cc_20140606_112706.reg
2014-06-04 21:59 - 2014-06-04 21:59 - 00003248 _____ () C:\Windows\System32\Tasks\{09531749-24A0-43E1-A648-F533BE0B5654}
2014-06-04 21:57 - 2014-06-04 21:50 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrickHouse
2014-06-04 21:55 - 2014-06-04 21:55 - 03201610 _____ (Igor Pavlov) C:\Users\Chris\Downloads\PC_BHSCamSetupTool_Setup_1.0.14.alpha (2)(1).exe
2014-06-04 21:50 - 2014-06-04 21:50 - 00000000 ____D () C:\Program Files (x86)\BrickHouse
2014-06-04 21:49 - 2014-06-04 21:49 - 03201610 _____ (Igor Pavlov) C:\Users\Chris\Downloads\PC_BHSCamSetupTool_Setup_1.0.14.alpha (2).exe

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 19:37

==================== End Of Log ============================


  • 0

#50
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

More good news! We're on a roll. Now that we have the issues with the AV, System Restore, and IE resolved...fingers crossed, we're gonna do another FRST fix to remove the HP All-In-One drivers that are trying to load but the files are missing. Then we are gonna run another program and an online scan to check for any residual malware files. Once we are sure that all of the malware files are gone, we will see what we can do about the printer scanning issue.
 
 
Step-1.
FRST Fix

Warning: This fix is relevant for this system and no other. If you are not this user, Do NOT follow these directions as they could damage the workings of your system.

  • Download attached fixlist.txt file and save it to the same location the FRST64.exe file is in.
    NOTE: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • Run FRST64 and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • The Fixlog.txt file can also be found in the same location that the program was run from.

[attachment=71399:fixlist.txt]

 

Before completing Steps 2 and 3 please disable any screen saver you have running.

 

Step-2.
Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware Free from here.

  • Double click the mbam-setup-2.0.2.1012.exe file to install the program
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box enable free trial of Malwarebytes Anti-Malware Premium


  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and check (tick) Scan for rootkits


Go back to the Dashboard and click on the green Scan Now button.


  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.


  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop


Copy and paste the log back here.


Step-3.
Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    realrunesetscannerbutton.jpg

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the esetsmartinstaller_enu.png icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:
     
    eseteula.jpg
  • Select the option YES, I accept the Terms of Use then click on:

    esetstartaftereulaapproval.jpg
         
  • When prompted allow the Add-On/Active X to install. The following window will open:

    esetdirectionalchecks.jpg
    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: esetstartaftersettingsmade.jpg
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.

When The Scan is Complete:

A.
If No Threats Were Found:

  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found

B.
If Threats Were Found:

  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close. Be sure you have saved the file first.
  • Click on Finish
  • Close the program

Don't forget to enable your Antivirus program and screen saver.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Tell me if you still have the Chrome browser installed.
2. The fixlog.txt log
3. The MalwareBytes log
4. The ESET scan log (IF it found anything). If it didn't, just let me know.


  • 0
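The post above targets service entries that still try to load although their files are missing. As an added example (not written by anyone in this thread, and not part of FRST), the Python below parses FRST-style service lines and lists the entries marked `[X]`, auto-start ones first. The state and start-type legend is an assumption based on FRST's published log format, the HP lines follow the service-line format used in this thread's fixlist, and the `MsMpSvc` line is constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend for the two-character prefix (assumption: FRST's documented log legend).
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# <state><start> <name>; <path> [<size date> | X] (<company>)
SERVICE_LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s*"
    r"\[(?P<info>[^\]]*)\](?:\s*\((?P<company>.*)\))?\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    state: str
    start_type: str
    path: str
    file_missing: bool  # True when the log shows [X] instead of size and date
    company: str


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything else (start, stop, reboot:)."""
    m = SERVICE_LINE.match(line.strip())
    if m is None:
        return None
    return ServiceEntry(
        name=m["name"].strip(),
        state=STATES[m["state"]],
        start_type=START_TYPES.get(m["start"], "unknown"),
        path=m["path"],
        file_missing=m["info"].strip() == "X",
        company=(m["company"] or "").strip(),
    )


def orphaned_services(log_text: str) -> List[ServiceEntry]:
    """Return services whose file is missing, auto-start entries first.

    Auto-start entries are the ones Windows tries to load at every boot,
    so they are the most likely source of load errors.
    """
    entries = [e for e in map(parse_service_line, log_text.splitlines()) if e]
    missing = [e for e in entries if e.file_missing]
    return sorted(missing, key=lambda e: e.start_type != "auto")  # stable sort


# Sample input: HP lines in the thread's fixlist format, plus one constructed
# line for a service whose file is present.
SAMPLE_LOG = r"""
start
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
stop
reboot:
"""

if __name__ == "__main__":
    for entry in orphaned_services(SAMPLE_LOG):
        print(f"{entry.name:10} {entry.state:8} {entry.start_type:7} {entry.path}")
```

The output is a review list only; whether an entry should be removed still depends on the individual system, as the warning in the post says.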

#51
ridethewave


    Member

  • Topic Starter
  • Member
  • 154 posts

I do not remember ever installing the Chrome browser; if it is installed, it's not on my desktop or program file.

The ESET scan found 59 threats.

 

 

 

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014
Ran by Chris at 2014-07-04 20:54:30 Run:2
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]
stop
reboot:
*****************

hpqcxs08 => Service deleted successfully.
hpqddsvc => Service deleted successfully.
HPSLPSVC => Service deleted successfully.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/4/2014
Scan Time: 9:11:57 PM
Logfile: MalwareScan.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.05.02
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337623
Time Elapsed: 7 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, Quarantined, [37ebaeed2358ef476b644d79867c36ca],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-1450463833-1716714491-3263300153-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, Quarantined, [7ea4504bc2b9e650fcd2656112f0a65a],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1450463833-1716714491-3263300153-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [72b0bbe01d5e75c1da755e90fb08d22e],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Softonic, C:\Users\Chris\Downloads\SoftonicDownloader_for_videoget.exe, Quarantined, [ea3817841e5d40f6936519f12cd541bf],

Physical Sectors: 0
(No malicious items detected)

(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\del_DM_LL_nsk8C6C.dll.vir Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe.vir a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\__searchresultsDx.dll.vir a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\__searchresultstb.dll.vir a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Results Toolbar\Datamngr\x64\del_DM_LL_nsk8C6C.dll.vir Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\AD5\APNIC.dll.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\OpenCandy\E75A9DEFBE884C3587DFC72CE0DC5ACD\PureLeadsSetupx21701.exe.vir a variant of Win32/AdWare.Sendori.A application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF10.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF11.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF12.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF13.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF14.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF15.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF16.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF17.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF18.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF19.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF2.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF20.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF21.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF22.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF23.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF24.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF25.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF26.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF27.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF28.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF29.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF4.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF5.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF6.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF7.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF8.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF9.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads\9941443D6A4C2DAE26582731B61444D4000000000041DC78.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Chris\Downloads\microsoft security essentials setup.exe a variant of MSIL/Soft32Downloader.C potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp\~nsk8F89.tmp Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp\~nspA40F.tmp Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu7975.tmp\~nsp9D09.tmp a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsvE996.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp\~nsk8F89.tmp Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp\~nspA40F.tmp Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu7975.tmp\~nsp9D09.tmp a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsvE996.tmp\Starter.exe a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\_OTL\MovedFiles\06262014_161646\C_Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.20.101.5_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\_OTL\MovedFiles\06262014_161646\C_Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.20.101.5_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application


  • 0

#52
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I do not remember ever installing the Chrome browser, if it is installed, it's not on my desktop or program file.
The ESET scan found 59 threats.

There are some Chrome extensions showing in the OTL and FRST logs, and MalwareBytes quarantined some Chrome extension registry keys. A lot of the things that ESET found had already been killed and quarantined by AdwCleaner and OTL. We will remove those quarantined files when we do the cleanup.
We will do another OTL fix to get the rest of the files that ESET found and remove the Chrome extensions.

Step-1.
OTL Fix

Please close all open windows and browsers

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot


1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alenfoeghpdhdbpobdeeeekbhjnheijk
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\goncfglpmcnoeehekalaobbmkcfogfko
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihembdpglninjghlloneejbhjcomaob
C:\Users\Chris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu7975.tmp
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsvE996.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu7975.tmp
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsvE996.tmp

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:

  • Vista and 7 users: Right click the icon and click Run as Administrator

3. Place the mouse pointer inside the custom fix textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.
Run Security Check

Download Security Check from here or here and save it to the Desktop.

  • Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The checkup.txt log


  • 0
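The triage described in post #52 (most of the ESET hits already sit in the AdwCleaner and OTL quarantine folders, and only the rest need a new fix) can be done mechanically. The following is an added example, not part of the thread or of any tool used in it: the function names are hypothetical, the sample lines are copied from the ESET log above, and folding SysWOW64 onto System32 is an assumption (a 32-bit scanner on 64-bit Windows can see one folder under both names).

```python
import ntpath
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path name kind location")

# Folders where the tools used earlier in this thread park what they removed.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")

# ESET line layout: <path> [probably ][a variant of ]<Platform/Name> <category>.
# Paths contain spaces, so the split is anchored on the Platform/Name token.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<kind>(?:potentially \w+ )?application)$"
)

# Eight lines copied from the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\Roaming\OpenCandy\E75A9DEFBE884C3587DFC72CE0DC5ACD\PureLeadsSetupx21701.exe.vir a variant of Win32/AdWare.Sendori.A application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF10.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components\DatamngrHlpFF11.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads\9941443D6A4C2DAE26582731B61444D4000000000041DC78.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp\Starter.exe Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\_OTL\MovedFiles\06262014_161646\C_Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.20.101.5_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application
"""


def parse_eset_log(text):
    """Parse ESET detection lines and tag each as 'quarantine' or 'live'."""
    detections = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not a detection
        path = m.group("path")
        in_quarantine = path.lower().startswith(QUARANTINE_PREFIXES)
        location = "quarantine" if in_quarantine else "live"
        detections.append(Detection(path, m.group("name"), m.group("kind"), location))
    return detections


def canonical(path):
    """Assumption: treat a SysWOW64 path and its System32 twin as one location."""
    return re.sub(r"\\syswow64\\", lambda _m: "\\System32\\", path, flags=re.IGNORECASE)


def folders_to_clean(detections):
    """Unique parent folders of the detections that are still live."""
    live = {canonical(ntpath.dirname(d.path)) for d in detections if d.location == "live"}
    return sorted(live, key=str.lower)


def summarize(text):
    detections = parse_eset_log(text)
    live = [d for d in detections if d.location == "live"]
    return {
        "total": len(detections),
        "quarantined": len(detections) - len(live),
        "live": len(live),
        "folders": folders_to_clean(detections),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['quarantined']} already quarantined, {report['live']} still live")
    for folder in report["folders"]:
        print("  review:", folder)
```
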

#53
ridethewave

    Member

  • Topic Starter
  • 154 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :FILES> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alenfoeghpdhdbpobdeeeekbhjnheijk> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\goncfglpmcnoeehekalaobbmkcfogfko> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihembdpglninjghlloneejbhjcomaob> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx> in the current context!
Error: Unable to interpret < C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\SlimWare Utilities Inc> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu7975.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsvE996.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu7975.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsvE996.tmp> in the current context!
Error: Unable to interpret < :COMMANDS> in the current context!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Chris
->Temp folder emptied: 3409370 bytes
->Temporary Internet Files folder emptied: 178951300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 315916161 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1410 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dub_cm_auto
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71302 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 475.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07052014_121241

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 Results of screen317's Security Check version 0.99.85 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 13.0.0.214 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 


  • 0

#54
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

:lol:  You clicked the Run Scan button instead of the Run Fix button again. Please repeat Step 1 and make sure you click the red Run Fix button.


  • 0

#55
ridethewave

    Member

  • Topic Starter
  • 154 posts

I'm really sure I clicked the RUN FIX button. I ran (the RUN FIX) again and the log is the same.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :FILES> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alenfoeghpdhdbpobdeeeekbhjnheijk> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\goncfglpmcnoeehekalaobbmkcfogfko> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihembdpglninjghlloneejbhjcomaob> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx> in the current context!
Error: Unable to interpret < C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}> in the current context!
Error: Unable to interpret < C:\Users\Chris\AppData\Local\SlimWare Utilities Inc> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu7975.tmp> in the current context!
Error: Unable to interpret < C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsvE996.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu7975.tmp> in the current context!
Error: Unable to interpret < C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsvE996.tmp> in the current context!
Error: Unable to interpret < :COMMANDS> in the current context!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Chris
->Temp folder emptied: 1010646 bytes
->Temporary Internet Files folder emptied: 145444221 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14098341 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dub_cm_auto
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 153.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07052014_131145

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0



#56
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I apologize for thinking you had clicked the Run Scan button. A log with the Error: Unable to interpret entries usually indicates that the Run Scan button has been pressed. But in rare instances the Run Fix button produces a log like that. We will try it a different way.

 

First I want you to delete any Fixlist.txt files you have on the desktop. After that is done:

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

1. Download the attached Fix.txt file and save it to the desktop. [attachment=71432:Fix.txt]

2. Please re-open OTL on your desktop.
3. Click the Run Fix button.
When prompted with:

No fix has been provided!

Click Ok to load it from a file or Cancel to cancel

4. Click the OK button. A standard file open dialog window will open.
5. Navigate to the desktop. Find the Fix.txt file and click it. That will put it in the File Open box.
6. Click the Open button.
OTL will load the file automatically and the program will run the fix.
7. Let the program run unhindered.
8. OTL may ask to reboot the machine. Please do so if asked.
9. A report will open. Copy and Paste that report in your next reply.
10. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


  • 0

#57
ridethewave

    Member

  • Topic Starter
  • 154 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alenfoeghpdhdbpobdeeeekbhjnheijk\1 folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alenfoeghpdhdbpobdeeeekbhjnheijk folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\goncfglpmcnoeehekalaobbmkcfogfko\1 folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\goncfglpmcnoeehekalaobbmkcfogfko folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihembdpglninjghlloneejbhjcomaob\1 folder moved successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihembdpglninjghlloneejbhjcomaob folder moved successfully.
C:\Users\Chris\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx moved successfully.
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\content folder moved successfully.
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3}\components folder moved successfully.
C:\extensions\{D42CCDF2-0BD6-C3B2-2C9E-A474681738B3} folder moved successfully.
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Registry Backups folder moved successfully.
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Logs folder moved successfully.
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Icons folder moved successfully.
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner\Downloads folder moved successfully.
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc\SlimCleaner folder moved successfully.
C:\Users\Chris\AppData\Local\SlimWare Utilities Inc folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsu7975.tmp folder moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsvE996.tmp folder moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsa62BB.tmp not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu67CA.tmp not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu6DE1.tmp not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsu7975.tmp not found.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsvE996.tmp not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Chris
->Temp folder emptied: 2172 bytes
->Temporary Internet Files folder emptied: 120630450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1791 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dub_cm_auto
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4458 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 115.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07052014_145412

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTOGITEW\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTOGITEW\page-4[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTOGITEW\partner[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTOGITEW\push[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZTOGITEW\rt=ifr[3].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FREO1Q0Z\ads[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FREO1Q0Z\like[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FREO1Q0Z\postmessageRelay[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FREO1Q0Z\px[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FREO1Q0Z\zrt_lookup[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\1404597011061[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\ads[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\ads[2].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\partner[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\partner[2].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\partner[3].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\push[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EIVA5YDL\request_ad[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9IVQ4CEB\ads[2].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9IVQ4CEB\ads[3].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9IVQ4CEB\ads[4].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9IVQ4CEB\DhmkJ2TR0QN[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9IVQ4CEB\fastbutton[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#58
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

That got it :thumbsup: . Your Adobe Flash Player is out of date. We will update that. Then please tell me how the computer is behaving, other than the printer issue.

 

 

Update Adobe Flash Player

NOTE: Depending on your settings, you may have to temporarily disable your antivirus software and firewall.

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.

  • In the Adobe Flash Player column, under Step 1, click the down arrow and choose your operating system.
  • Your system is Windows 7 64-bit.
  • Under Step 2, click the down arrow and select the browser you want to install FlashPlayer for.

    You will need to download and install each version of FlashPlayer (Flash Player for Internet Explorer AND Flash Player for Other Browsers) separately

  • In the Optional offer: column, make sure to uncheck the box beside Yes, install free McAfee Security Scan Plus before downloading.
  • Click the Download now button. The File Download window will open.
  • Click Save File and save the install_flashplayerXXxXX_xxxx_xxx_xxx.exe setup file to the desktop.
  • Repeat the above for the other version of Flash Player.
  • Close the browser and all open windows.
  • Back on the desktop, double click on one of the Flash Player setup files to start the installation.
  • If you get a Security Warning box, click Run
  • If you get a UAC warning click Continue or Yes
  • Once the installation has completed, double click the other Flash Player setup file and repeat the above to install it.

 

 


  • 0

#59
ridethewave

ridethewave

    Member

  • Topic Starter
  • Member
  • 154 posts
The computer is running like it was when it was brand new. Much faster and loads in a flash.
  • 0

#60
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

That's what we like to hear. :yeah: Now I want you to check the Device Manager again and see if the Unknown Devices are gone. If they are still there, right click each one and click Uninstall. Then reboot the computer and if you have the installation CD or DVD for the All-In-One printer, please reinstall it and see if it will scan now.

 

If they aren't there then just reinstall the printer software and see if it will scan now.


  • 0





