[GregMiller]

I have a HP 2000 Notebook PC running Windows 8.

 

Smart PC Booster 7 wants to load and scan whenever the computer runs. It will not uninstall from the Control panel uninstall screen. It just asks if I am sure I want to uninstall. Naturally I select "Yes" and then it locks up.

 

This really persistent; I will need some help. I searched on the list of rogues and it's not listed.

 

Where do I start?

Edited by GregMiller, 22 July 2014 - 09:28 PM.

[Advertisements]

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  process;
  services-list;
  systemspecs;
  startupall;
  skipfix-iedefaults;
  firefoxlook;
  chromelook;
  filesrcm;
  installedprogs;

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[Naathim]

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  process;
  services-list;
  systemspecs;
  startupall;
  skipfix-iedefaults;
  firefoxlook;
  chromelook;
  filesrcm;
  installedprogs;

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[GregMiller]

Zoek.exe v5.0.0.0 Updated 22-07-2014
Tool run by Mary on Wed 07/23/2014 at 16:39:48.79.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mary\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 16:42:04.10 =====

--- Create Environment Variables 16:42:05.32
--- Create System Restore Point 16:42:11.14
--- Checking Input 16:42:12.37
--- Installed Programs 16:42:23.53
--- Processes 16:42:26.89
--- System Specs 16:42:36.50
--- Recently Created 16:42:44.59
 

[GregMiller]

Zoek.exe v5.0.0.0 Updated 22-07-2014
Tool run by Mary on Wed 07/23/2014 at 16:39:48.79.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mary\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7/23/2014 4:42:11 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

4 Elements II 
Adobe Shockwave Player 11.6 
Amazon Cloud Player 
Apple Software Update 
avast Free Antivirus 
Bejeweled 3 
Bonjour 
Build-a-lot 4 - Power Source 
Chuzzle Deluxe 
Cradle Of Egypt Collector's Edition 
Cradle of Rome 2 
CyberLink LabelPrint 
CyberLink Media Suite 10 
CyberLink Power2Go 8 
CyberLink PowerDVD 
CyberLink YouCam 
D3DX10 
Energy Star 
Farm Frenzy 
FATE: The Cursed King 
Final Drive Fury 
FlatOut 2 
Google Chrome 
Google Update Helper 
Governor of Poker 2 Premium Edition 
Hewlett-Packard ACLM.NET v1.2.2.3 
Hoyle Card Games 
HP Customer Experience Enhancements 
HP Documentation 
HP Games 
HP MyRoom 
HP Postscript Converter 
HP Quick Launch 
HP Recovery Manager 
HP Registration Service 
HP Software Framework 
HP Support Assistant 
HP Utility Center 
HP Wireless Button Driver 
iCloud 
Intel® Management Engine Components 
Intel® Processor Graphics 
Intel® SDK for OpenCL - CPU Only Runtime Package 
Intelr Trusted Connect Service Client 
Jewel Match 3 
John Deere Drive Green 
Luxor Evolved 
Mahjongg Dimensions Deluxe: Tiles in Time 
Malwarebytes Anti-Malware version 2.0.2.1012 
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) 
Microsoft Application Error Reporting 
Microsoft Office 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
More Games from WildTangent Games 
Mortimer Beckett and the Crimson Thief Premium Edition 
Mozilla Firefox 31.0 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
Mystery P.I. - Curious Case of Counterfeit Cove 
Norton Internet Security 
Peggle Nights 
Penguins 
Polar Bowler 
Polar Golfer 
Ralink RT5390R 802.11bgn Wi-Fi Adapter 
Realtek Ethernet Controller Driver 
Realtek High Definition Audio Driver 
Realtek PCIE Card Reader 
Roads of Rome 3 
SlimCleaner Plus 
Smart PC Booster 7 
swMSM 
Synaptics Pointing Device Driver 
Tales of Lagoona 
Update Installer for WildTangent Games App 
Vacation QuestT - Australia 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Installer 
Windows Live Language Selector 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
Zuma's Revenge 

==== Running Processes ======================

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Users\Mary\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [NIS] - Norton Internet Security - "C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\diMaster.dll" /prefetch:1
R2 - [PasswordBox] - PasswordBox - "C:\Program Files (x86)\PasswordBox\pbbtnService.exe"
R2 - [SlimService] - SlimWare Utility Service Launcher - "C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe"
R2 - [UNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
R3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S2 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3984 MB
CPU Info: Intel® Pentium® CPU B960 @ 2.20GHz
CPU Speed: 2236.9 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVDRAM GT50N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  441.5GB | D:  23.5GB
Hard Disks - Free: C:  378.4GB | D:  2.8GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1
Time Zone: Pacific Standard Time
Motherboard *: Hewlett-Packard 1854
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Norton Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Norton Internet Security disabled
Internet Explorer Version: 10.0.9200.16921
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 36.0.1985.125
Shockwave Player version: 11.6.5r635

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-07-23 03:26:15 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-21 00:25:26 87B7CDDFDBF7784B51464DF516B627D4 3795 ----a-w- C:\Windows\diagwrn.xml
2014-07-21 00:25:26 87B7CDDFDBF7784B51464DF516B627D4 3795 ----a-w- C:\Windows\diagerr.xml
====== C:\Users\Mary\AppData\Local\Temp ====
2014-07-23 03:24:29 465B48A225A741F723DF9773914E5613 3420040 ------w- C:\Users\Mary\AppData\Local\Temp\_av_iup.tm~a04956\New\aswOfferTool.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-23 22:27:02 1F3780A663053B4CAF108C3524E8CD40 497152 ----a-w- C:\Windows\SysWOW64\qedit.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-23 22:27:02 47C22FAAC1EC02467790C79B8DB6FCCB 596480 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-23 03:26:30 B46B41CE922CE5B7B055A28226DE2D79 307344 ----a-w- C:\Windows\Sysnative\aswBoot.exe
2014-07-23 02:36:28 0E9B223297AED1689FC7E9FA04FF70A1 65536 ------w- C:\Windows\Sysnative\Ikeext.etl
====== C:\Windows\Sysnative\drivers =====
2014-07-23 03:26:41 48DED912CDE54FC0923B9858512366E1 92008 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-07-23 03:26:40 471A311745848B80339436688A8286E6 224896 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-07-23 03:26:39 B8FDEDE963B82CFD23B3A53A3084666D 1041168 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-07-23 03:26:38 998B6692C48CEC0F078C9A26744DC899 426848 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-07-23 03:26:38 645D97385F3F284FB5604F9B970F4D24 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-07-23 03:26:37 FF1E537A3632CBB9A0BF72B9FD0878D5 79184 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-07-23 03:26:36 D95E64416A4A3ED6986E0F474DA934BD 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-07-23 03:26:34 A5757DE5F9C83AB40667A53D5126EA40 93568 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-07-23 01:50:46 6D95A713F03A9AE56E99D00E809F2F90 30312 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-07-23 01:20:13 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-07-23 01:19:58 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-07-23 01:19:58 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-07-23 01:19:58 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-07-23 03:27:11 B4909AA1F04D48CA203071681BF72147 3882 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-07-23 03:27:11 7F124F4EFBAE66D359306479F665ED82 910 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 03:27:03 AACC42A8D2278904C4EAC22090432B95 906 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 03:27:03 987A1AE65DF77564E52F5515BBC14EAA 3646 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-07-23 03:27:00 -------- d-----w- C:\PROGRA~2\Google
2014-07-23 03:15:42 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
====== C:\Users\Mary\AppData\Roaming ======
2014-07-23 22:36:04 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google
2014-07-23 03:27:00 -------- d-----w- C:\Users\Mary\AppData\Local\Google
2014-07-23 03:15:52 -------- d-----w- C:\Users\Mary\AppData\Local\Mozilla
2014-07-23 01:19:40 -------- d-----w- C:\Users\Mary\AppData\Local\Programs
====== C:\Users\Mary ======
2014-07-23 03:27:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 03:24:15 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-23 03:15:43 -------- d-----w- C:\ProgramData\Mozilla
2014-07-23 01:50:46 -------- d-----w- C:\ProgramData\RogueKiller

====== C: exe-files ==
2014-07-23 22:41:02 956672375AF066D958E4D07F5ABAFC1A 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe
2014-07-23 22:40:53 AC6998D92A311E7CF0B4DAEC3566F444 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateBroker.exe
2014-07-23 22:37:30 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateSetup.exe
2014-07-23 22:36:10 80E350E0AA963B2125896B13E60A4D68 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdateComRegisterShell64.exe
2014-07-23 22:36:09 AA0E4F73727BFC8BA404884B1C1DB719 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
2014-07-23 22:36:07 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleUpdate.exe
2014-07-23 22:36:07 397D14958D6C9C2B365469A857B2AC4E 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
2014-07-23 22:36:01 901AC7A94B75648F4084A37640473271 895120 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.24.15\GoogleUpdateSetup.exe
2014-07-23 03:27:34 5CA3B9DB1F03E19C4EAD46A7322D1D3F 39749712 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\36.0.1985.125\36.0.1985.125_chrome_installer.exe
2014-07-23 03:27:01 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-07-23 03:26:30 B46B41CE922CE5B7B055A28226DE2D79 307344 ----a-w- C:\Windows\System32\aswBoot.exe
2014-07-23 03:24:29 465B48A225A741F723DF9773914E5613 3420040 ------w- C:\Users\Mary\AppData\Local\Temp\_av_iup.tm~a04956\New\aswOfferTool.exe
2014-07-23 03:24:15 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-23 03:24:15 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D24BPXFI\avast_free_antivirus_setup_online.exe
2014-07-23 03:15:43 BC24422CC00B3A862C60F8E71AB24A9F 109886 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2014-07-23 03:15:43 4E9D8041D352A33332FD6F59A3A78B03 119408 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2014-07-23 03:13:04 2D122754D6884B01B54ACCEC9FB9CAAD 244120 ----a-w- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D24BPXFI\Firefox Setup Stub 31.0.exe
2014-07-23 02:50:55 F976DB618B95F49AFB78A4F98219BC83 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ITO1RZ7.exe
2014-07-23 02:50:55 ED0E9BB92A113B598E2348FAC1FFC121 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILX67OM.exe
2014-07-23 02:50:55 DFB7E2DADBF4ED97E9C1CD9505969249 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IF7AQIJ.exe
2014-07-23 02:50:55 D0366BA2AF986A5ED39467A23C78DEDB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IQ3B8LQ.exe
2014-07-23 02:50:55 B81F9955ACFEE3F1B074C794957818B4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IL8PBNE.exe
2014-07-23 02:50:55 946CDEDD70BD6160437CB65B7EBF9AF6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IEN8SIG.exe
2014-07-23 02:50:55 764A04E8E65A30AF0A457D15749725E8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IYWP5BK.exe
2014-07-23 02:50:55 6239BE7DAA61A49CF09DFD01E50DB9AA 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IAQYGE9.exe
2014-07-23 02:50:55 5FD16820D21CB2B3F905C0EAF848AE13 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I9NDKUD.exe
2014-07-23 02:50:55 5E67D342BAF551BE1084D38B8452E705 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I6Q9T9K.exe
2014-07-23 02:50:55 3D371BA9C31362358E5EBF13254447D4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$II5H3LK.exe
2014-07-23 02:50:55 29628F4CE6FD86A7FB3F2A8B51B92FEB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IQDSPDA.exe
2014-07-23 02:50:55 1B80D6788E99F37F9D65CA6EC132405A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I5G62SZ.exe
2014-07-23 02:50:54 F79A83E38D644A5B60C54731324D7556 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IW78ZN8.exe
2014-07-23 02:50:54 EDB3D365E4FF879E7926E6439ABB030C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ID5O30A.exe
2014-07-23 02:50:54 E777310CF7F3DB7A16270A6644C9BAA8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILF5RP4.exe
2014-07-23 02:50:54 D07ED57BC308CF703DCB0693860C0E9A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IZT1PVO.exe
2014-07-23 02:50:54 C88ED90269FE4E4FD05370F7889C5491 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IGR3OK1.exe
2014-07-23 02:50:54 B38D1339EDC55763128D717454614923 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IXO2P9Q.exe
2014-07-23 02:50:54 A070EA13F5EE8A69E8A7D2F999F1A38B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IB3KQRN.exe
2014-07-23 02:50:54 93499443E602A379DF111E92B23A46C6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IHTYXF0.exe
2014-07-23 02:50:54 91D71E0B0B1E09A078CF89E43B648749 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I8538T6.exe
2014-07-23 02:50:54 890EFA429411B323061D6B4439C1D05C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IRIPCPX.exe
2014-07-23 02:50:54 74DB62510D9FC91EE4F6A9A7F2B7B8D2 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILY8L6W.exe
2014-07-23 02:50:54 72FE18FBD80EDA15361DABA034DFC52D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IEHC9DK.exe
2014-07-23 02:50:54 6C77EF25646DC6E332689D519FCC7103 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IQBLJ8S.exe
2014-07-23 02:50:54 53FC5A70BFA0A24A30ADD9A9CD369EB6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IZIY8ZN.exe
2014-07-23 02:50:54 36BB0E66DD132CF437FDBC6EC21C81F3 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I610Q3R.exe
2014-07-23 02:50:54 33120B378DE75E73FEEBA43FE8409326 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILRRYKN.exe
2014-07-23 02:50:54 252A5F12558CA753A0D262BACD36D940 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IESLCUW.exe
2014-07-23 02:50:54 1B0EC95DCFFE4B9568C6AAAC0FC464D1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IKB8FH6.exe
=== C: other files ==
2014-07-23 03:26:41 48DED912CDE54FC0923B9858512366E1 92008 ----a-w- C:\Windows\System32\Drivers\aswStm.sys
2014-07-23 03:26:40 471A311745848B80339436688A8286E6 224896 ----a-w- C:\Windows\System32\Drivers\aswVmm.sys
2014-07-23 03:26:39 B8FDEDE963B82CFD23B3A53A3084666D 1041168 ----a-w- C:\Windows\System32\Drivers\aswSnx.sys
2014-07-23 03:26:38 998B6692C48CEC0F078C9A26744DC899 426848 ----a-w- C:\Windows\System32\Drivers\aswSP.sys
2014-07-23 03:26:38 645D97385F3F284FB5604F9B970F4D24 65776 ----a-w- C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-23 03:26:37 FF1E537A3632CBB9A0BF72B9FD0878D5 79184 ----a-w- C:\Windows\System32\Drivers\aswMonFlt.sys
2014-07-23 03:26:36 D95E64416A4A3ED6986E0F474DA934BD 29208 ----a-w- C:\Windows\System32\Drivers\aswHwid.sys
2014-07-23 03:26:34 A5757DE5F9C83AB40667A53D5126EA40 93568 ----a-w- C:\Windows\System32\Drivers\aswRdr2.sys
2014-07-23 01:50:46 6D95A713F03A9AE56E99D00E809F2F90 30312 ----a-w- C:\Windows\System32\Drivers\TrueSight.sys
2014-07-23 01:20:13 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-23 01:19:58 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\Drivers\mbam.sys
2014-07-23 01:19:58 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-23 01:19:58 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\Drivers\mwac.sys
2014-07-22 22:45:19 5570A74FF9B1EFBC5154DD1E2F05C517 593112 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\symnets.sys
2014-07-22 22:45:18 9F31630D7FC2DD9D5DA1CE359AAD1F46 1148120 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\symefa64.sys
2014-07-22 22:45:18 20F758E6339A16F97DD83389D582E09A 23568 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\symelam.sys
2014-07-22 22:45:17 F718A57D946EAC76EFCB351D74E269F4 875736 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\srtsp64.sys
2014-07-22 22:45:17 B18CE01B9C09C59422BA7C7064248B35 36952 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\srtspx64.sys
2014-07-22 22:45:17 5C9EE2303CA7F267665D75237862B39C 493656 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\symds64.sys
2014-07-22 22:45:17 48C2934683CBD06F662B088EEF49EF6A 264280 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\ironx64.sys
2014-07-22 22:45:15 0510396A957E9FD7205BA62D3CAE4528 162392 ----a-r- C:\Windows\System32\Drivers\NISx64\1504000.00D\ccsetx64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1681928911-3300868060-4103052442-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Amazon Cloud Player"="C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize"
"AVG-Secure-Search-Update_0414c"="C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe /PROMPT /CMPID=0414c "
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Amazon Cloud Player"="C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize"
"AVG-Secure-Search-Update_0414c"="C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe /PROMPT /CMPID=0414c "
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rel.job --a-------- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [04/25/2014 09:04 PM]
C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rmv.job --a-------- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [04/25/2014 09:04 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/22/2014 08:26 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/22/2014 08:26 PM]
C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - Mary).job --a-------- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [02/18/2014 04:17 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AVG-Secure-Search-Update_0414c_rel" [C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe]
"C:\Windows\SysNative\tasks\AVG-Secure-Search-Update_0414c_rmv" [C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe"]
"C:\Windows\SysNative\tasks\SlimCleaner Plus (Scheduled Scan - Mary)" [C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2E3CE06D-6397-4CD0-B872-E69843E07DF8}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Ask4Expert\Smart PC Booster\Daily Scan" [C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe]
"C:\Windows\SysNative\tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup" [C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [07/22/2014 08:26 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\91j77sxk.default
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx[06/26/2014 03:22 AM]

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{172532AD-48B2-42B2-A678-5ACA4B2D1012}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...0TR&pc=CPNTDFJS"
{172532AD-48B2-42B2-A678-5ACA4B2D1012} Search  Url="http://search.condui...&q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.co...54371-11896-2/4"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 07/23/2014 at 16:47:28.82 ======================

[Naathim]

Hi

First of all, let's take care about multiple AntiVirus programs installed here.

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark another ones as harmful, leading to leave your system unstable and even damaged. Please choose only one from the listed below to stay with and uninstall the others:

• avast Free Antivirus
• Norton Internet Security

Uninstallation procedure:

• Press the + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for each uninstalled entry, right-click it and select Uninstall.

This should be done until any other steps will be taken.

After uninstalling one of them, please deploy also automated tool that will take care about the remnants (choose onle the one that will suit):
- Avast! Uninstall Utility
- Norton Removal Tool


Moving on,

Please tell me something about the software listed below. Was that your own decision to install it? It's legitimate, but I want to make sure that it's installed on purpose
- AVG Secure Search
- SlimCleaner Plus
Nowadays there's plenty of bundled software installations.


Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  C:\Program Files (x86)\Ask4Expert;fs
  C:\ProgramData\RogueKiller;vs
  C:\Windows\SysNative\tasks\Ask4Expert;fs
  reboot;
  

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Dont forget to re-enable your previuosly switched-off protection software!


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


Cheers,
Naat

[GregMiller]

Thanks - I'm at work and reading this on my lunch hour.

The reason there are two anti-virus programs is that Norton was on there and I decided to replace it with Avast. Then I had second thoughts and wanted to go this whole route so I cancelled it when it was in progress but I guess the cancellation didn't take. I know all about conflicting
anti-virus programs- I usually kill them all off and just load Avast.

When I get home tonight in 6 hours, I'll run your suggestions and post.

[Naathim]

Enjoy your meal

Take your time. I will be around

[GregMiller]

Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by Mary on Thu 07/24/2014 at 16:21:09.85.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mary\AppData\Local\Temp\Temp2_zoek.zip\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-23-234728.log 32313 bytes

==== System Restore Info ======================

7/24/2014 4:22:12 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

4 Elements II 
Adobe Shockwave Player 11.6 
Amazon Cloud Player 
Apple Software Update 
avast Free Antivirus 
Bejeweled 3 
Bonjour 
Build-a-lot 4 - Power Source 
Chuzzle Deluxe 
Cradle Of Egypt Collector's Edition 
Cradle of Rome 2 
CyberLink LabelPrint 
CyberLink Media Suite 10 
CyberLink Power2Go 8 
CyberLink PowerDVD 
CyberLink YouCam 
D3DX10 
Energy Star 
Farm Frenzy 
FATE: The Cursed King 
Final Drive Fury 
FlatOut 2 
Governor of Poker 2 Premium Edition 
Hewlett-Packard ACLM.NET v1.2.2.3 
Hoyle Card Games 
HP Customer Experience Enhancements 
HP Documentation 
HP Games 
HP MyRoom 
HP Postscript Converter 
HP Quick Launch 
HP Recovery Manager 
HP Registration Service 
HP Software Framework 
HP Support Assistant 
HP Utility Center 
HP Wireless Button Driver 
iCloud 
Intel® Management Engine Components 
Intel® Processor Graphics 
Intel® SDK for OpenCL - CPU Only Runtime Package 
Intelr Trusted Connect Service Client 
Jewel Match 3 
John Deere Drive Green 
Luxor Evolved 
Mahjongg Dimensions Deluxe: Tiles in Time 
Malwarebytes Anti-Malware version 2.0.2.1012 
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) 
Microsoft Application Error Reporting 
Microsoft Office 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 
More Games from WildTangent Games 
Mortimer Beckett and the Crimson Thief Premium Edition 
Mozilla Firefox 31.0 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
Mystery P.I. - Curious Case of Counterfeit Cove 
Peggle Nights 
Penguins 
Polar Bowler 
Polar Golfer 
Ralink RT5390R 802.11bgn Wi-Fi Adapter 
Realtek Ethernet Controller Driver 
Realtek High Definition Audio Driver 
Realtek PCIE Card Reader 
Roads of Rome 3 
Smart PC Booster 7 
swMSM 
Synaptics Pointing Device Driver 
Tales of Lagoona 
Update Installer for WildTangent Games App 
Vacation QuestT - Australia 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Installer 
Windows Live Language Selector 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
Zuma's Revenge 

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [HP Support Assistant Service] - HP Support Assistant Service - "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
R2 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
R2 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [PasswordBox] - PasswordBox - "C:\Program Files (x86)\PasswordBox\pbbtnService.exe"
R2 - [UNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [hpqwmiex] - HP Software Framework Service - "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [WinDefend] - Windows Defender Service - "C:\Program Files\Windows Defender\MsMpEng.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3984 MB
CPU Info: Intel® Pentium® CPU B960 @ 2.20GHz
CPU Speed: 2259.3 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVDRAM GT50N
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  441.5GB | D:  23.5GB
Hard Disks - Free: C:  379.4GB | D:  2.8GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1
Time Zone: Pacific Standard Time
Motherboard *: Hewlett-Packard 1854
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 10.0.9200.17028
Mozilla Firefox version: 31.0 (x86 en-US)
Shockwave Player version: 11.6.5r635

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-07-23 03:26:15 357CEBBCD99C8928A2D1A61A6CACC168 43152 ----a-w- C:\Windows\avastSS.scr
2014-07-21 00:25:26 87B7CDDFDBF7784B51464DF516B627D4 3795 ----a-w- C:\Windows\diagwrn.xml
2014-07-21 00:25:26 87B7CDDFDBF7784B51464DF516B627D4 3795 ----a-w- C:\Windows\diagerr.xml
====== C:\Users\Mary\AppData\Local\Temp ====
2014-07-23 03:24:29 465B48A225A741F723DF9773914E5613 3420040 ------w- C:\Users\Mary\AppData\Local\Temp\_av_iup.tm~a04956\New\aswOfferTool.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-24 22:30:06 8C64829D720733298E5CAD99E5F82448 703968 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 22:30:06 06493306FF37328C0B8DC94F7A82DA85 105440 ----a-w- C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-23 22:29:01 A30A616F4026FD52E519EA401DE0C2FC 1440256 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-23 22:28:35 A6F3DB155D86513C142C4CC8A0E7B6C0 452608 ----a-w- C:\Windows\SysWOW64\SHCore.dll
2014-07-23 22:28:11 8795FB612463119D7560EBA9C7F8784D 14368768 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-07-23 22:27:57 49E69D3C71522F14E88361139C96C4A7 226816 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-07-23 22:27:56 A3FB2F617F15586B66A6E0ACF3A380FE 13732352 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-07-23 22:27:54 D143C6B9624E29E0AA1D682C9A678C95 2863616 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-07-23 22:27:53 43E4E8F5AFDD1A5E0D269D1DE5C717EB 2051072 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-07-23 22:27:49 61B1C74ED24F2CD5D1B0C20AC51492F6 1141760 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-07-23 22:27:49 27631A4D65AB1FA5718EBBFED05B7815 1766400 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-07-23 22:27:36 D97646D8E83B5AA8198182449C7FDCBF 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-07-23 22:27:36 841997B03FC48A0713247837563EF1D6 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-07-23 22:27:36 45E1DA8EF50FB8E5227CE8423EA43055 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2014-07-23 22:27:36 2ECF28B5EE03B12FAB7DFA680178B0BC 1440768 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-07-23 22:27:36 26582E103FD52094FC5ECA619BDE93FF 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2014-07-23 22:27:36 1B91409DA29A30D899D257BCF86FD5B3 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-07-23 22:27:35 EFFC098B09760FFEEAE1C10533D74017 39936 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-07-23 22:27:35 9A598E8923FBF88DF356D6A523D56FA0 44032 ----a-w- C:\Windows\SysWOW64\UXInit.dll
2014-07-23 22:27:35 71A5B696671E2CC42376FF1ED9575C37 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-07-23 22:27:35 5FE1032BC879A8F39EA6F90FDD8DD838 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-07-23 22:27:35 4A09112A94AC63DA93FF17F1E76DFA68 80896 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-07-23 22:27:35 2347AFDAF9DA06C99091227C93B884CC 534528 ----a-w- C:\Windows\SysWOW64\uxtheme.dll
2014-07-23 22:27:35 1DB8DD378F5851CFC0D699A4B5EBA559 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-07-23 22:27:34 6D4A861C832CD598DE1267939CCEB154 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-07-23 22:27:02 1F3780A663053B4CAF108C3524E8CD40 497152 ----a-w- C:\Windows\SysWOW64\qedit.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-24 22:37:35 7154959211AE81B520D4DC384D9C3AA3 281088 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT
2014-07-23 22:29:01 462E0B687C91D7366854C2F6BFB00E58 1557504 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-23 22:29:01 3B3BCB93ACAC16C8BAB1F0CBBFADDC05 4038144 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-23 22:28:36 B4D60F193E7088A5020A9BFDAF0A8488 1281536 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-07-23 22:28:36 863C8A0F3F90E0E8D715AE9AB46FAC3B 588288 ----a-w- C:\Windows\Sysnative\SHCore.dll
2014-07-23 22:28:35 1DC9B701F8EB7D67774035AC9C3104F6 439808 ----a-w- C:\Windows\Sysnative\lsm.dll
2014-07-23 22:28:28 4D7AC68CB6BF3EB476842F225F02D256 702464 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-07-23 22:28:27 C11C1BDBDE9ABD55717EDBC3842691D8 394240 ----a-w- C:\Windows\Sysnative\devinv.dll
2014-07-23 22:28:27 410DD3FB1F579E79EB9AAAF66364B837 556544 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-07-23 22:28:27 1A7AE6987B1D6AE17E03FD0862F8BD40 87552 ----a-w- C:\Windows\Sysnative\aepic.dll
2014-07-23 22:28:07 0DF61F84BC5542FFDA2F64D6697358E1 19277312 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-07-23 22:27:58 B56946EED9F6571EE1DB2A7FF6C0E47C 15369728 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-07-23 22:27:57 DAF42D53210C8FEC9087AD1E44C67854 255488 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-07-23 22:27:57 B07200A237E54AC9D453DE3661FF31C4 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-07-23 22:27:55 3A691F30BB012EE0A4CC3E74BAFF1D66 2650624 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-07-23 22:27:50 CE6BBFFF2FEB9E43C58350AA506EDAB1 1366528 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-07-23 22:27:50 27E552632E6394DE0FA555EFDBA29A49 2239488 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-07-23 22:27:47 E40183B5A2DC1C5761AE51E34312ACA5 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-07-23 22:27:45 FC66C25C9060E0681A4ABCB96EC26A4F 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2014-07-23 22:27:38 74869FE2697E4A881B7C8C9F615F1204 1508864 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-07-23 22:27:36 F43351A68833FC80135A394A656F4F4B 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2014-07-23 22:27:36 CD2974BD1BB6551260AAB3D4D04BECD5 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-07-23 22:27:36 C0B6B7F1A1DFE1D6BC9C708AC221C82C 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll
2014-07-23 22:27:36 91FC6F95B04FD48DC6EBB99AE218D21B 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-07-23 22:27:36 5A000C8F02B22EF8F99F6D988A7A0444 97792 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-07-23 22:27:35 CAB7A75725D29A63F464996A9FA2752E 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-07-23 22:27:35 A6B7A11B37C1BF854D9AC43CFE215A22 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-07-23 22:27:35 9489C3323D2BCFB3AF60475CCDA66B1A 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-07-23 22:27:35 9046B20273767138A1A0CFABD005DFF0 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-07-23 22:27:35 200E468E3E83481DE4C08CB786DB19FC 197120 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-07-23 22:27:35 10E1EC58E8B8BCD14DA36AAB8647009F 53760 ----a-w- C:\Windows\Sysnative\UXInit.dll
2014-07-23 22:27:34 239293442AE3873D253BFEE72AD01874 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-07-23 22:27:19 962025110A396E6D7790DA2CD4D8D424 265216 ----a-w- C:\Windows\Sysnative\InkEd.dll
2014-07-23 22:27:02 47C22FAAC1EC02467790C79B8DB6FCCB 596480 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-23 03:26:30 B46B41CE922CE5B7B055A28226DE2D79 307344 ----a-w- C:\Windows\Sysnative\aswBoot.exe
2014-07-23 02:36:28 8BB32AEC31B811A186413CA1C43173D7 65536 ------w- C:\Windows\Sysnative\Ikeext.etl
====== C:\Windows\Sysnative\drivers =====
2014-07-23 22:27:07 FE7FB9612D354EB41DF4F0FF5D6FB259 576512 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-07-23 03:26:41 48DED912CDE54FC0923B9858512366E1 92008 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-07-23 03:26:40 471A311745848B80339436688A8286E6 224896 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-07-23 03:26:39 B8FDEDE963B82CFD23B3A53A3084666D 1041168 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-07-23 03:26:38 645D97385F3F284FB5604F9B970F4D24 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-07-23 03:26:38 0DEDC041DF594AEC2C3BD00417CFAF60 427360 ----a-w- C:\Windows\Sysnative\drivers\aswsp.sys
2014-07-23 03:26:37 FF1E537A3632CBB9A0BF72B9FD0878D5 79184 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-07-23 03:26:36 D95E64416A4A3ED6986E0F474DA934BD 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-07-23 03:26:34 A5757DE5F9C83AB40667A53D5126EA40 93568 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-07-23 01:50:46 6D95A713F03A9AE56E99D00E809F2F90 30312 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-07-23 01:20:13 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-07-23 01:19:58 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-07-23 01:19:58 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-07-23 01:19:58 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-07-24 23:21:10 5D99923386B85519CE4A3695213AE2C5 3102 ----a-w- C:\Windows\Sysnative\Tasks\{918B5A9A-0319-41C0-B2B5-A7741E21B701}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-07-23 03:27:00 -------- d-----w- C:\PROGRA~2\Google
2014-07-23 03:15:42 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
====== C:\Users\Mary\AppData\Roaming ======
2014-07-24 23:16:57 -------- d-----w- C:\Users\Mary\AppData\Local\CrashDumps
2014-07-24 22:55:24 407AAB8C27CF7081EECE071C90A65B83 17 ----a-w- C:\Users\Mary\AppData\Local\resmon.resmoncfg
2014-07-23 22:36:04 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google
2014-07-23 03:27:00 -------- d-----w- C:\Users\Mary\AppData\Local\Google
2014-07-23 03:15:52 -------- d-----w- C:\Users\Mary\AppData\Local\Mozilla
2014-07-23 01:19:40 -------- d-----w- C:\Users\Mary\AppData\Local\Programs
====== C:\Users\Mary ======
2014-07-23 03:24:15 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-23 03:15:43 -------- d-----w- C:\ProgramData\Mozilla
2014-07-23 01:50:46 -------- d-----w- C:\ProgramData\RogueKiller

====== C: exe-files ==
2014-07-24 22:30:06 8C64829D720733298E5CAD99E5F82448 703968 ----a-w- C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 22:29:13 7A208E2DEC20620D0744FADA1BC023C0 4732864 ----a-w- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1.35.0.3686[1].exe
2014-07-23 22:29:01 A30A616F4026FD52E519EA401DE0C2FC 1440256 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-23 22:29:01 462E0B687C91D7366854C2F6BFB00E58 1557504 ----a-w- C:\Windows\System32\osk.exe
2014-07-23 22:29:01 3627331CB17CAD13004EE9F9B2AEB457 394624 ----a-w- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2014-07-23 22:28:29 19537AC5FC1B91E01CF51CE2235DC33D 340480 ----a-w- C:\Windows\System32\IME\SHARED\ImeBroker.exe
2014-07-23 22:28:28 B1544CE66FD0135A170F09B66A9E7800 172200 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-07-23 22:28:28 679A800CFFBB8EA970506887045F2E41 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-07-23 22:27:42 B606732D1F1948DF9CE9E30517E17268 775320 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-07-23 22:27:41 F37633EA6056B7F7DE685FB7F6DFB1FC 770704 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-07-23 22:27:35 CAB7A75725D29A63F464996A9FA2752E 51712 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-07-23 22:27:35 906DD419A6F121F971602CFF4A27B8BC 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-07-23 22:27:35 8597633E306B3793FB353C02DBFBE52F 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-07-23 03:26:30 B46B41CE922CE5B7B055A28226DE2D79 307344 ----a-w- C:\Windows\System32\aswBoot.exe
2014-07-23 03:24:29 465B48A225A741F723DF9773914E5613 3420040 ------w- C:\Users\Mary\AppData\Local\Temp\_av_iup.tm~a04956\New\aswOfferTool.exe
2014-07-23 03:24:15 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-23 03:24:15 4AF4D1D156DF61FC7364D1193862A068 4862664 ----a-w- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D24BPXFI\avast_free_antivirus_setup_online.exe
2014-07-23 03:15:43 BC24422CC00B3A862C60F8E71AB24A9F 109886 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2014-07-23 03:15:43 4E9D8041D352A33332FD6F59A3A78B03 119408 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2014-07-23 03:13:04 2D122754D6884B01B54ACCEC9FB9CAAD 244120 ----a-w- C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D24BPXFI\Firefox Setup Stub 31.0.exe
2014-07-23 02:50:55 F976DB618B95F49AFB78A4F98219BC83 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ITO1RZ7.exe
2014-07-23 02:50:55 ED0E9BB92A113B598E2348FAC1FFC121 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILX67OM.exe
2014-07-23 02:50:55 DFB7E2DADBF4ED97E9C1CD9505969249 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IF7AQIJ.exe
2014-07-23 02:50:55 D0366BA2AF986A5ED39467A23C78DEDB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IQ3B8LQ.exe
2014-07-23 02:50:55 B81F9955ACFEE3F1B074C794957818B4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IL8PBNE.exe
2014-07-23 02:50:55 946CDEDD70BD6160437CB65B7EBF9AF6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IEN8SIG.exe
2014-07-23 02:50:55 764A04E8E65A30AF0A457D15749725E8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IYWP5BK.exe
2014-07-23 02:50:55 6239BE7DAA61A49CF09DFD01E50DB9AA 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IAQYGE9.exe
2014-07-23 02:50:55 5FD16820D21CB2B3F905C0EAF848AE13 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I9NDKUD.exe
2014-07-23 02:50:55 5E67D342BAF551BE1084D38B8452E705 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I6Q9T9K.exe
2014-07-23 02:50:55 3D371BA9C31362358E5EBF13254447D4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$II5H3LK.exe
2014-07-23 02:50:55 29628F4CE6FD86A7FB3F2A8B51B92FEB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IQDSPDA.exe
2014-07-23 02:50:55 1B80D6788E99F37F9D65CA6EC132405A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I5G62SZ.exe
2014-07-23 02:50:54 F79A83E38D644A5B60C54731324D7556 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IW78ZN8.exe
2014-07-23 02:50:54 EDB3D365E4FF879E7926E6439ABB030C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ID5O30A.exe
2014-07-23 02:50:54 E777310CF7F3DB7A16270A6644C9BAA8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILF5RP4.exe
2014-07-23 02:50:54 D07ED57BC308CF703DCB0693860C0E9A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IZT1PVO.exe
2014-07-23 02:50:54 C88ED90269FE4E4FD05370F7889C5491 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IGR3OK1.exe
2014-07-23 02:50:54 B38D1339EDC55763128D717454614923 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IXO2P9Q.exe
2014-07-23 02:50:54 A070EA13F5EE8A69E8A7D2F999F1A38B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IB3KQRN.exe
2014-07-23 02:50:54 93499443E602A379DF111E92B23A46C6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IHTYXF0.exe
2014-07-23 02:50:54 91D71E0B0B1E09A078CF89E43B648749 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I8538T6.exe
2014-07-23 02:50:54 890EFA429411B323061D6B4439C1D05C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IRIPCPX.exe
2014-07-23 02:50:54 74DB62510D9FC91EE4F6A9A7F2B7B8D2 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILY8L6W.exe
2014-07-23 02:50:54 72FE18FBD80EDA15361DABA034DFC52D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IEHC9DK.exe
2014-07-23 02:50:54 6C77EF25646DC6E332689D519FCC7103 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IQBLJ8S.exe
2014-07-23 02:50:54 53FC5A70BFA0A24A30ADD9A9CD369EB6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IZIY8ZN.exe
2014-07-23 02:50:54 36BB0E66DD132CF437FDBC6EC21C81F3 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$I610Q3R.exe
2014-07-23 02:50:54 33120B378DE75E73FEEBA43FE8409326 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$ILRRYKN.exe
2014-07-23 02:50:54 252A5F12558CA753A0D262BACD36D940 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IESLCUW.exe
2014-07-23 02:50:54 1B0EC95DCFFE4B9568C6AAAC0FC464D1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-1681928911-3300868060-4103052442-1001\$IKB8FH6.exe
=== C: other files ==
2014-07-23 22:29:01 3B3BCB93ACAC16C8BAB1F0CBBFADDC05 4038144 ----a-w- C:\Windows\System32\win32k.sys
2014-07-23 22:27:07 FE7FB9612D354EB41DF4F0FF5D6FB259 576512 ----a-w- C:\Windows\System32\Drivers\afd.sys
2014-07-23 03:26:41 48DED912CDE54FC0923B9858512366E1 92008 ----a-w- C:\Windows\System32\Drivers\aswStm.sys
2014-07-23 03:26:40 471A311745848B80339436688A8286E6 224896 ----a-w- C:\Windows\System32\Drivers\aswVmm.sys
2014-07-23 03:26:39 B8FDEDE963B82CFD23B3A53A3084666D 1041168 ----a-w- C:\Windows\System32\Drivers\aswSnx.sys
2014-07-23 03:26:38 645D97385F3F284FB5604F9B970F4D24 65776 ----a-w- C:\Windows\System32\Drivers\aswRvrt.sys
2014-07-23 03:26:38 0DEDC041DF594AEC2C3BD00417CFAF60 427360 ----a-w- C:\Windows\System32\Drivers\aswsp.sys
2014-07-23 03:26:37 FF1E537A3632CBB9A0BF72B9FD0878D5 79184 ----a-w- C:\Windows\System32\Drivers\aswMonFlt.sys
2014-07-23 03:26:36 D95E64416A4A3ED6986E0F474DA934BD 29208 ----a-w- C:\Windows\System32\Drivers\aswHwid.sys
2014-07-23 03:26:34 A5757DE5F9C83AB40667A53D5126EA40 93568 ----a-w- C:\Windows\System32\Drivers\aswRdr2.sys
2014-07-23 01:50:46 6D95A713F03A9AE56E99D00E809F2F90 30312 ----a-w- C:\Windows\System32\Drivers\TrueSight.sys
2014-07-23 01:20:13 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-07-23 01:19:58 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\Drivers\mbam.sys
2014-07-23 01:19:58 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\Drivers\mbamchameleon.sys
2014-07-23 01:19:58 0664F6335F108F38FE08C3CA747311EE 64216 ----a-w- C:\Windows\System32\Drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1681928911-3300868060-4103052442-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Amazon Cloud Player"="C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize"
"AVG-Secure-Search-Update_0414c"="C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe /PROMPT /CMPID=0414c "
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Amazon Cloud Player"="C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
"SlimCleaner Plus"="C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe /minimize"
"AVG-Secure-Search-Update_0414c"="C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe /PROMPT /CMPID=0414c "
"Power2GoExpress8"="C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rel.job --a-------- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [04/25/2014 09:04 PM]
C:\Windows\tasks\AVG-Secure-Search-Update_0414c_rmv.job --a-------- C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [04/25/2014 09:04 PM]
C:\Windows\tasks\SlimCleaner Plus (Scheduled Scan - Mary).job --a-------- C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AVG-Secure-Search-Update_0414c_rel" [C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe]
"C:\Windows\SysNative\tasks\AVG-Secure-Search-Update_0414c_rmv" [C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe]
"C:\Windows\SysNative\tasks\SlimCleaner Plus (Scheduled Scan - Mary)" [C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2E3CE06D-6397-4CD0-B872-E69843E07DF8}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Ask4Expert\Smart PC Booster\Daily Scan" [C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe]
"C:\Windows\SysNative\tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup" [C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [07/22/2014 08:26 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\91j77sxk.default
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

Google Docs - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{172532AD-48B2-42B2-A678-5ACA4B2D1012}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...0TR&pc=CPNTDFJS"
{172532AD-48B2-42B2-A678-5ACA4B2D1012} Search  Url="http://search.condui...&q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.co...54371-11896-2/4"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 07/24/2014 at 16:28:03.49 ======================

 

 

I tried to download Farbar  but I keep getting message from Windows defender that is kept a harmful (unrecognized) program from downloading. I will try to disable windows defender and try again.

[GregMiller]

I went to the control panel to temp disable Defender but I got a message that it was already disabled.

 

Windows 8 is odd and set up oddly.

[Naathim]

Please answer also my questions about the other software:

Please tell me something about the software listed below. Was that your own decision to install it? It's legitimate, but I want to make sure that it's installed on purpose
- AVG Secure Search
- SlimCleaner Plus
Nowadays there's plenty of bundled software installations.

Cheers,
Naat

[GregMiller]

Those programs are new to me. No idea how they arrived.

[Naathim]

OK, please proceed with FRST. This tool is often targeted by AV software as dangerous, beacuse it contains scripts that are able to kill processes and move files with strong procedures.

Be assured, that it's prefectly safe, so download it and follow my previous instructions

Naat

[GregMiller]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Mary at 2014-07-25 09:26:19
Running from C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGYA9B8R
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Smart PC Booster 7 (HKLM-x32\...\Smart PC Booster 7) (Version: 7.3.4.301 - Ask4Expert Technologies Pvt Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

29-06-2014 15:28:15 Scheduled Checkpoint
23-07-2014 03:24:58 avast! antivirus system restore point
24-07-2014 22:43:20 Removed SlimCleaner Plus

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1420E991-E0BE-429B-9FA8-395149514BE1} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {25F97061-545E-4BAF-B9BD-605E32F10939} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {2655AE4E-4FBC-42B7-A6DB-7D02215EB1A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {274937C2-D480-4EEC-BEAF-708686E78D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {42E02F5A-DE66-4842-8ABF-9EB373143955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {489EF924-422F-4840-AA64-488ABCB1DDB1} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {55888750-D2D8-4739-BAFA-145EBB14AD8B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {654884EF-41BC-48EA-B1B6-FD21CA79B1F0} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {7979E053-BAA9-45B1-9288-3471D7D5F777} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe [2013-06-18] ()
Task: {7CEC6C5E-60D8-4709-9C74-27C0B432F821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7E012D5D-F536-4964-B6F1-0FC1E64C4971} - \LaunchApp No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C0D65F4C-E834-4354-AEEC-0947868AB623} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-13] (Microsoft Corporation)
Task: {C3D2D579-211F-4666-B76D-2374D8DD5D81} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mary) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DC0871BF-4BEC-4D8D-8047-395CB97BE02F} - \DTChk No Task File <==== ATTENTION
Task: {E1BB0682-DF62-4EAA-B604-E7B46DBCA547} - \RegClean Pro No Task File <==== ATTENTION
Task: {E4BCA6CC-C837-47DA-8879-6860FF40B14B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F9A0F3B8-6C42-4E07-9E9E-03201CF912CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mary).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (whitelisted) =============

2014-04-25 21:04 - 2014-04-25 21:04 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2012-10-20 09:38 - 2012-10-20 09:38 - 00311808 _____ () C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\SDShlExt-x64.dll
2014-05-16 22:29 - 2014-05-16 22:29 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 13:17 - 2012-08-08 13:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-31 09:49 - 2014-01-14 12:46 - 03140608 _____ () C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-07-22 20:26 - 2014-07-22 20:26 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-24 15:29 - 2014-07-24 15:29 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072400\algo.dll
2014-07-24 15:46 - 2014-07-24 15:46 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072401\algo.dll
2014-05-14 09:45 - 2014-05-14 09:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2012-10-12 05:27 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-05-04 14:02 - 2014-02-20 21:13 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-05-04 14:02 - 2013-12-29 18:20 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-05-04 14:02 - 2014-02-20 21:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2014-07-22 20:26 - 2014-07-22 20:26 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0414c"
HKCU\...\StartupApproved\Run: => "SlimCleaner Plus"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2014 06:31:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/24/2014 04:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0x55c
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5

Error: (07/24/2014 04:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0x410
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5

Error: (07/24/2014 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0x12e4
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5

Error: (07/23/2014 03:18:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e58

Start Time: 01cfa6c3e24fe594

Termination Time: 4294967295

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 38ccd5c9-12b7-11e4-bea1-78e3b582338c

Faulting package full name:

Faulting package-relative application ID:

Error: (07/23/2014 03:18:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARYSPC)
Description: Package DefaultBrowser_NOPUBLISHERID was terminated because it took too long to suspend.

Error: (07/22/2014 07:53:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 7.3.4.301 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a4

Start Time: 01cfa62066c8f870

Termination Time: 4294967295

Application Path: C:\Users\Mary\AppData\Local\Temp\~nsu.tmp\Au_.exe

Report Id: 74ceb488-1214-11e4-be9f-78e3b582338c

Faulting package full name:

Faulting package-relative application ID:

Error: (07/22/2014 07:36:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E290270C-04D7-48D1-8130-BC69A1436508}: The user SYSTEM dialed a connection named Broadband Connection 2 which has failed. The error code returned on failure is 651.

Error: (07/22/2014 07:29:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={30C59E6F-A9A8-47AB-886B-5F4787B1433B}: The user SYSTEM dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (07/22/2014 07:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 152c

Start Time: 01cfa61d859f300d

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: d64cc785-1210-11e4-be9e-78e3b582338c

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (07/24/2014 03:45:23 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/24/2014 03:36:42 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/24/2014 03:36:20 PM) (Source: DCOM) (EventID: 10010) (User: MARYSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/24/2014 03:32:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! EmHWID service failed to start due to the following error:
%%127

Error: (07/24/2014 03:27:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/24/2014 03:26:09 PM) (Source: DCOM) (EventID: 10010) (User: MARYSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/22/2014 08:06:12 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/22/2014 08:02:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/22/2014 07:40:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (07/22/2014 07:40:03 PM) (Source: DCOM) (EventID: 10010) (User: MARYSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Microsoft Office Sessions:
=========================
Error: (07/25/2014 06:31:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/24/2014 04:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948b55c01cfa79b38de04beC:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll787ef253-138e-11e4-bea4-78e3b582338c

Error: (07/24/2014 04:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948b41001cfa795c1f88f70C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll03a578fb-1389-11e4-bea4-78e3b582338c

Error: (07/24/2014 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948b12e401cfa795590085f8C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll99ff6f27-1388-11e4-bea4-78e3b582338c

Error: (07/23/2014 03:18:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe10.0.9200.16921e5801cfa6c3e24fe5944294967295C:\Program Files\Internet Explorer\iexplore.exe38ccd5c9-12b7-11e4-bea1-78e3b582338c

Error: (07/23/2014 03:18:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARYSPC)
Description: DefaultBrowser_NOPUBLISHERID

Error: (07/22/2014 07:53:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Au_.exe7.3.4.30110a401cfa62066c8f8704294967295C:\Users\Mary\AppData\Local\Temp\~nsu.tmp\Au_.exe74ceb488-1214-11e4-be9f-78e3b582338c

Error: (07/22/2014 07:36:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {E290270C-04D7-48D1-8130-BC69A1436508}SYSTEMBroadband Connection 2651

Error: (07/22/2014 07:29:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {30C59E6F-A9A8-47AB-886B-5F4787B1433B}SYSTEMBroadband Connection0

Error: (07/22/2014 07:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16921152c01cfa61d859f300d16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd64cc785-1210-11e4-be9e-78e3b582338c

==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3983.27 MB
Available physical RAM: 2346.96 MB
Total Pagefile: 6927.27 MB
Available Pagefile: 5218.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.52 GB) (Free:379.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.47 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C2C9F703)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Mary (administrator) on MARYSPC on 25-07-2014 09:25:29
Running from C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGYA9B8R
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-22] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [Amazon Cloud Player] => C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize 
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-25] ()
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-20] (CyberLink Corp.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File
ShellIconOverlayIdentifiers-x32: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} => C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKCU - {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136

FireFox:
========
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\91j77sxk.default
FF Homepage: hxxp://www.google.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-22]

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-24]
CHR Extension: (Google Drive) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Search) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-24]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-22] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-09] (AVG Technologies)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 09:24 - 2014-07-25 09:25 - 00000000 ____D () C:\FRST
2014-07-24 16:40 - 2014-07-24 16:40 - 02093568 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2014-07-24 16:35 - 2014-07-24 16:35 - 00003128 _____ () C:\Windows\System32\Tasks\{6C2F490E-378E-4112-9D3D-AEC7E983A34C}
2014-07-24 16:22 - 2014-07-23 16:47 - 00032313 _____ () C:\zoek-results2014-07-23-234728.log
2014-07-24 16:21 - 2014-07-24 16:21 - 00003102 _____ () C:\Windows\System32\Tasks\{918B5A9A-0319-41C0-B2B5-A7741E21B701}
2014-07-24 16:19 - 2014-07-24 16:36 - 00000022 _____ () C:\Users\Mary\Downloads\zoek.zip
2014-07-24 16:19 - 2014-07-24 16:35 - 00000000 ____D () C:\Users\Mary\Downloads\zoek
2014-07-24 16:16 - 2014-07-24 16:58 - 00000000 ____D () C:\Users\Mary\AppData\Local\CrashDumps
2014-07-24 16:09 - 2014-07-24 16:09 - 00000120 _____ () C:\Users\Mary\Desktop\GEEKS.url
2014-07-24 15:55 - 2014-07-24 15:55 - 00000017 _____ () C:\Users\Mary\AppData\Local\resmon.resmoncfg
2014-07-24 15:37 - 2014-07-24 15:37 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 15:30 - 2014-06-26 13:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 15:30 - 2014-06-26 13:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 15:26 - 2014-07-24 15:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-23 16:42 - 2014-07-24 16:28 - 00035907 _____ () C:\zoek-results.log
2014-07-23 16:39 - 2014-07-23 16:39 - 00000000 ____D () C:\zoek_backup
2014-07-23 15:29 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-23 15:29 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-23 15:29 - 2014-06-10 21:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-23 15:28 - 2014-06-30 15:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-23 15:28 - 2014-06-30 15:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-23 15:28 - 2014-06-30 15:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-23 15:28 - 2014-06-27 20:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-23 15:28 - 2014-06-18 19:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-23 15:28 - 2014-06-18 17:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-23 15:28 - 2014-05-29 16:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-23 15:28 - 2014-05-29 16:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-23 15:28 - 2014-05-29 16:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-23 15:28 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-23 15:27 - 2014-06-18 19:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-23 15:27 - 2014-06-18 19:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-23 15:27 - 2014-06-18 19:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-23 15:27 - 2014-06-18 17:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-23 15:27 - 2014-06-18 17:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-23 15:27 - 2014-06-18 17:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-23 15:27 - 2014-06-18 17:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-23 15:27 - 2014-06-18 15:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-23 15:27 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-23 15:27 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-23 15:27 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-23 15:27 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-23 15:19 - 2014-07-23 15:19 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\AVAST Software
2014-07-22 20:27 - 2014-07-24 16:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-22 20:27 - 2014-07-23 15:17 - 00000000 ____D () C:\Users\Mary\AppData\Local\Google
2014-07-22 20:26 - 2014-07-24 15:32 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-22 20:26 - 2014-07-22 20:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-22 20:26 - 2014-07-22 20:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-22 20:25 - 2014-07-22 20:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-22 20:24 - 2014-07-22 20:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-22 20:24 - 2014-07-22 20:24 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-22 20:15 - 2014-07-22 20:15 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Users\Mary\AppData\Local\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 19:38 - 2014-07-22 19:39 - 00000000 ____D () C:\AdwCleaner
2014-07-22 19:36 - 2014-07-24 15:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-22 18:50 - 2014-07-22 18:50 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 18:50 - 2014-07-22 18:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 18:20 - 2014-07-22 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 18:20 - 2014-07-22 18:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 18:20 - 2014-07-22 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 18:19 - 2014-07-22 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-22 18:19 - 2014-07-22 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 18:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-22 18:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-22 18:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:30 - 2014-07-20 17:30 - 00000493 _____ () C:\Windows\comsetup.log
2014-07-20 17:25 - 2014-07-20 17:30 - 00003795 _____ () C:\Windows\diagwrn.xml
2014-07-20 17:25 - 2014-07-20 17:25 - 00003795 _____ () C:\Windows\diagerr.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 09:25 - 2014-07-25 09:24 - 00000000 ____D () C:\FRST
2014-07-25 09:23 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-25 06:31 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\tracing
2014-07-25 05:13 - 2012-12-29 15:57 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1681928911-3300868060-4103052442-1001
2014-07-25 04:58 - 2013-05-28 21:21 - 00000000 ____D () C:\Users\Mary\Documents\Youcam
2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-07-24 16:58 - 2014-07-24 16:16 - 00000000 ____D () C:\Users\Mary\AppData\Local\CrashDumps
2014-07-24 16:40 - 2014-07-24 16:40 - 02093568 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2014-07-24 16:36 - 2014-07-24 16:19 - 00000022 _____ () C:\Users\Mary\Downloads\zoek.zip
2014-07-24 16:35 - 2014-07-24 16:35 - 00003128 _____ () C:\Windows\System32\Tasks\{6C2F490E-378E-4112-9D3D-AEC7E983A34C}
2014-07-24 16:35 - 2014-07-24 16:19 - 00000000 ____D () C:\Users\Mary\Downloads\zoek
2014-07-24 16:28 - 2014-07-23 16:42 - 00035907 _____ () C:\zoek-results.log
2014-07-24 16:21 - 2014-07-24 16:21 - 00003102 _____ () C:\Windows\System32\Tasks\{918B5A9A-0319-41C0-B2B5-A7741E21B701}
2014-07-24 16:19 - 2012-12-29 15:46 - 01314461 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 16:09 - 2014-07-24 16:09 - 00000120 _____ () C:\Users\Mary\Desktop\GEEKS.url
2014-07-24 16:08 - 2014-07-22 20:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-24 15:55 - 2014-07-24 15:55 - 00000017 _____ () C:\Users\Mary\AppData\Local\resmon.resmoncfg
2014-07-24 15:46 - 2014-07-22 19:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-24 15:46 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 15:44 - 2014-02-28 10:49 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-07-24 15:37 - 2014-07-24 15:37 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 15:37 - 2012-08-03 15:23 - 00817044 _____ () C:\Windows\PFRO.log
2014-07-24 15:36 - 2012-10-12 05:56 - 00000000 ____D () C:\ProgramData\Norton
2014-07-24 15:36 - 2012-07-25 22:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-24 15:32 - 2014-07-22 20:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-24 15:31 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 15:29 - 2013-11-21 12:54 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-07-24 15:28 - 2013-04-02 16:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 15:28 - 2013-04-02 16:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 15:26 - 2014-07-24 15:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-24 15:26 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-24 15:26 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-24 15:26 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-24 15:25 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-24 15:25 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-23 16:47 - 2014-07-24 16:22 - 00032313 _____ () C:\zoek-results2014-07-23-234728.log
2014-07-23 16:39 - 2014-07-23 16:39 - 00000000 ____D () C:\zoek_backup
2014-07-23 15:44 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-23 15:34 - 2013-04-02 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 15:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-23 15:19 - 2014-07-23 15:19 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\AVAST Software
2014-07-23 15:17 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Mary\AppData\Local\Google
2014-07-22 20:26 - 2014-07-22 20:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-22 20:26 - 2014-07-22 20:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-22 20:26 - 2014-07-22 20:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-22 20:25 - 2014-07-22 20:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-22 20:25 - 2014-07-22 20:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-22 20:24 - 2014-07-22 20:24 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-22 20:15 - 2014-07-22 20:15 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Users\Mary\AppData\Local\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 20:15 - 2013-09-23 23:41 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Mozilla
2014-07-22 19:39 - 2014-07-22 19:38 - 00000000 ____D () C:\AdwCleaner
2014-07-22 19:22 - 2014-07-22 18:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 18:50 - 2014-07-22 18:50 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 18:50 - 2014-07-22 18:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 18:38 - 2014-07-22 18:20 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 18:38 - 2014-07-22 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 18:38 - 2014-07-22 18:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-22 18:32 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SchCache
2014-07-22 18:21 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 18:19 - 2014-07-22 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 18:19 - 2012-07-26 00:21 - 00060530 _____ () C:\Windows\setupact.log
2014-07-20 17:30 - 2014-07-20 17:30 - 00000493 _____ () C:\Windows\comsetup.log
2014-07-20 17:30 - 2014-07-20 17:25 - 00003795 _____ () C:\Windows\diagwrn.xml
2014-07-20 17:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\Registration
2014-07-20 17:26 - 2014-03-18 04:47 - 00000000 ___HD () C:\$Windows.~BT
2014-07-20 17:25 - 2014-07-20 17:25 - 00003795 _____ () C:\Windows\diagerr.xml
2014-06-30 15:42 - 2014-07-23 15:28 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 15:42 - 2014-07-23 15:28 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-30 15:42 - 2014-07-23 15:28 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-29 08:11 - 2013-09-23 23:41 - 00000258 __RSH () C:\Users\Mary\ntuser.pol
2014-06-29 08:11 - 2012-12-29 15:45 - 00000000 ____D () C:\Users\Mary
2014-06-27 20:35 - 2014-07-23 15:28 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 13:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-06-26 13:53 - 2014-07-24 15:30 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 13:53 - 2014-07-24 15:30 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Mary\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mary\AppData\Local\Temp\COMAP.EXE
C:\Users\Mary\AppData\Local\Temp\Extract.exe
C:\Users\Mary\AppData\Local\Temp\oi_{B78A9EA7-A078-4535-A3CA-B58854C7EC10}.exe
C:\Users\Mary\AppData\Local\Temp\Quarantine.exe
C:\Users\Mary\AppData\Local\Temp\SP63599.exe
C:\Users\Mary\AppData\Local\Temp\sp64126.exe
C:\Users\Mary\AppData\Local\Temp\SP65084.exe
C:\Users\Mary\AppData\Local\Temp\SP65787.exe
C:\Users\Mary\AppData\Local\Temp\SP65790.exe
C:\Users\Mary\AppData\Local\Temp\SP65795.exe
C:\Users\Mary\AppData\Local\Temp\SP65802.exe
C:\Users\Mary\AppData\Local\Temp\SP66089.exe
C:\Users\Mary\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mary\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-22 17:23

==================== End Of Log ============================

[Naathim]

Hi

Sorry for the delay, as both me and my teacher are not always available at weekends. Should be better the next few workdays

For now, let's do some more cleaning.


Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the + R on your keyboard at the same time. Type Notepad and click OK.

• Copy the entire content of the codebox below and paste into the Notepad document:
  

  start
  Hosts:
  Task: {1420E991-E0BE-429B-9FA8-395149514BE1} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe
  Task: {25F97061-545E-4BAF-B9BD-605E32F10939} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
  Task: {489EF924-422F-4840-AA64-488ABCB1DDB1} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
  Task: {7979E053-BAA9-45B1-9288-3471D7D5F777} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe [2013-06-18] ()
  Task: {7E012D5D-F536-4964-B6F1-0FC1E64C4971} - \LaunchApp No Task File <==== ATTENTION
  Task: {C3D2D579-211F-4666-B76D-2374D8DD5D81} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mary) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
  Task: {DC0871BF-4BEC-4D8D-8047-395CB97BE02F} - \DTChk No Task File <==== ATTENTION
  Task: {E1BB0682-DF62-4EAA-B604-E7B46DBCA547} - \RegClean Pro No Task File <==== ATTENTION
  Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
  Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
  Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mary).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
  C:\Program Files (x86)\Avg Secure Update
  C:\Program Files (x86)\Ask4Expert
  HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
  HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-25] ()
  SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
  SearchScopes: HKLM-x32 - DefaultScope value is missing.
  SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
  SearchScopes: HKCU - DefaultScope {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
  SearchScopes: HKCU - {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
  SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
  2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
  2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
  C:\Program Files\SlimCleaner Plus
  C:\ProgramData\Norton
  end

• Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


Clean Temporary Files with TFC

Please download TFC by OldTimer and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Close any open programs and save your current work.
• Click the Start button to begin. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a couple of minutes.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

This tool doesn't generate any report. Instead I recommend to keep it for good maintenance of your machine.

[GregMiller]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Mary at 2014-07-28 16:16:25 Run:1
Running from C:\Users\Mary\Documents\geek+fix
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Hosts:
Task: {1420E991-E0BE-429B-9FA8-395149514BE1} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe
Task: {25F97061-545E-4BAF-B9BD-605E32F10939} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {489EF924-422F-4840-AA64-488ABCB1DDB1} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {7979E053-BAA9-45B1-9288-3471D7D5F777} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe [2013-06-18] ()
Task: {7E012D5D-F536-4964-B6F1-0FC1E64C4971} - \LaunchApp No Task File <==== ATTENTION
Task: {C3D2D579-211F-4666-B76D-2374D8DD5D81} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mary) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DC0871BF-4BEC-4D8D-8047-395CB97BE02F} - \DTChk No Task File <==== ATTENTION
Task: {E1BB0682-DF62-4EAA-B604-E7B46DBCA547} - \RegClean Pro No Task File <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mary).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files (x86)\Avg Secure Update
C:\Program Files (x86)\Ask4Expert
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-25] ()
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
C:\Program Files\SlimCleaner Plus
C:\ProgramData\Norton
end
*****************

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1420E991-E0BE-429B-9FA8-395149514BE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1420E991-E0BE-429B-9FA8-395149514BE1}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ask4Expert\Smart PC Booster\Run at Windows Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25F97061-545E-4BAF-B9BD-605E32F10939}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25F97061-545E-4BAF-B9BD-605E32F10939}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rmv" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{489EF924-422F-4840-AA64-488ABCB1DDB1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{489EF924-422F-4840-AA64-488ABCB1DDB1}" => Key deleted successfully.
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_0414c_rel" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7979E053-BAA9-45B1-9288-3471D7D5F777}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7979E053-BAA9-45B1-9288-3471D7D5F777}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ask4Expert\Smart PC Booster\Daily Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E012D5D-F536-4964-B6F1-0FC1E64C4971}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E012D5D-F536-4964-B6F1-0FC1E64C4971}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3D2D579-211F-4666-B76D-2374D8DD5D81}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3D2D579-211F-4666-B76D-2374D8DD5D81}" => Key deleted successfully.
C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mary) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - Mary)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC0871BF-4BEC-4D8D-8047-395CB97BE02F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC0871BF-4BEC-4D8D-8047-395CB97BE02F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1BB0682-DF62-4EAA-B604-E7B46DBCA547}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1BB0682-DF62-4EAA-B604-E7B46DBCA547}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => Moved successfully.
C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mary).job => Moved successfully.
C:\Program Files (x86)\Avg Secure Update => Moved successfully.
C:\Program Files (x86)\Ask4Expert => Moved successfully.
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus => value deleted successfully.
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0414c => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{172532AD-48B2-42B2-A678-5ACA4B2D1012}" => Key deleted successfully.
"HKCR\CLSID\{172532AD-48B2-42B2-A678-5ACA4B2D1012}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
"C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job" => File/Directory not found.
"C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job" => File/Directory not found.
C:\Program Files\SlimCleaner Plus => Moved successfully.
C:\ProgramData\Norton => Moved successfully.

==== End of Fixlog ====