Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Mary at 2014-07-25 09:26:19
Running from C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGYA9B8R
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Smart PC Booster 7 (HKLM-x32\...\Smart PC Booster 7) (Version: 7.3.4.301 - Ask4Expert Technologies Pvt Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
29-06-2014 15:28:15 Scheduled Checkpoint
23-07-2014 03:24:58 avast! antivirus system restore point
24-07-2014 22:43:20 Removed SlimCleaner Plus
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1420E991-E0BE-429B-9FA8-395149514BE1} - System32\Tasks\Ask4Expert\Smart PC Booster\Run at Windows Startup => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Integrator.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {25F97061-545E-4BAF-B9BD-605E32F10939} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {2655AE4E-4FBC-42B7-A6DB-7D02215EB1A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {274937C2-D480-4EEC-BEAF-708686E78D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {42E02F5A-DE66-4842-8ABF-9EB373143955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {489EF924-422F-4840-AA64-488ABCB1DDB1} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {55888750-D2D8-4739-BAFA-145EBB14AD8B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {654884EF-41BC-48EA-B1B6-FD21CA79B1F0} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {7979E053-BAA9-45B1-9288-3471D7D5F777} - System32\Tasks\Ask4Expert\Smart PC Booster\Daily Scan => C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\Helper.exe [2013-06-18] ()
Task: {7CEC6C5E-60D8-4709-9C74-27C0B432F821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7E012D5D-F536-4964-B6F1-0FC1E64C4971} - \LaunchApp No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C0D65F4C-E834-4354-AEEC-0947868AB623} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-13] (Microsoft Corporation)
Task: {C3D2D579-211F-4666-B76D-2374D8DD5D81} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mary) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DC0871BF-4BEC-4D8D-8047-395CB97BE02F} - \DTChk No Task File <==== ATTENTION
Task: {E1BB0682-DF62-4EAA-B604-E7B46DBCA547} - \RegClean Pro No Task File <==== ATTENTION
Task: {E4BCA6CC-C837-47DA-8879-6860FF40B14B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F9A0F3B8-6C42-4E07-9E9E-03201CF912CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Mary).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
==================== Loaded Modules (whitelisted) =============
2014-04-25 21:04 - 2014-04-25 21:04 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2012-10-20 09:38 - 2012-10-20 09:38 - 00311808 _____ () C:\Program Files (x86)\Ask4Expert\Smart PC Booster 7\SDShlExt-x64.dll
2014-05-16 22:29 - 2014-05-16 22:29 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 13:17 - 2012-08-08 13:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-01-31 09:49 - 2014-01-14 12:46 - 03140608 _____ () C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-07-22 20:26 - 2014-07-22 20:26 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-24 15:29 - 2014-07-24 15:29 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072400\algo.dll
2014-07-24 15:46 - 2014-07-24 15:46 - 02794496 _____ () C:\Program Files\AVAST Software\Avast\defs\14072401\algo.dll
2014-05-14 09:45 - 2014-05-14 09:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2012-10-12 05:27 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-05-04 14:02 - 2014-02-20 21:13 - 00866056 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
2014-05-04 14:02 - 2013-12-29 18:20 - 01323992 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll
2014-05-04 14:02 - 2014-02-20 21:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
2014-07-22 20:26 - 2014-07-22 20:26 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKCU\...\StartupApproved\Run: => "AVG-Secure-Search-Update_0414c"
HKCU\...\StartupApproved\Run: => "SlimCleaner Plus"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/25/2014 06:31:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/24/2014 04:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0x55c
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
Error: (07/24/2014 04:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0x410
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
Error: (07/24/2014 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPPU.exe, version: 1.0.0.0, time stamp: 0x50079e34
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf8d9
Exception code: 0xc0000005
Fault offset: 0x0015948b
Faulting process id: 0x12e4
Faulting application start time: 0xHPPU.exe0
Faulting application path: HPPU.exe1
Faulting module path: HPPU.exe2
Report Id: HPPU.exe3
Faulting package full name: HPPU.exe4
Faulting package-relative application ID: HPPU.exe5
Error: (07/23/2014 03:18:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e58
Start Time: 01cfa6c3e24fe594
Termination Time: 4294967295
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 38ccd5c9-12b7-11e4-bea1-78e3b582338c
Faulting package full name:
Faulting package-relative application ID:
Error: (07/23/2014 03:18:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARYSPC)
Description: Package DefaultBrowser_NOPUBLISHERID was terminated because it took too long to suspend.
Error: (07/22/2014 07:53:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 7.3.4.301 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 10a4
Start Time: 01cfa62066c8f870
Termination Time: 4294967295
Application Path: C:\Users\Mary\AppData\Local\Temp\~nsu.tmp\Au_.exe
Report Id: 74ceb488-1214-11e4-be9f-78e3b582338c
Faulting package full name:
Faulting package-relative application ID:
Error: (07/22/2014 07:36:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={E290270C-04D7-48D1-8130-BC69A1436508}: The user SYSTEM dialed a connection named Broadband Connection 2 which has failed. The error code returned on failure is 651.
Error: (07/22/2014 07:29:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={30C59E6F-A9A8-47AB-886B-5F4787B1433B}: The user SYSTEM dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
Error: (07/22/2014 07:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16921 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 152c
Start Time: 01cfa61d859f300d
Termination Time: 16
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: d64cc785-1210-11e4-be9e-78e3b582338c
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (07/24/2014 03:45:23 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (07/24/2014 03:36:42 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (07/24/2014 03:36:20 PM) (Source: DCOM) (EventID: 10010) (User: MARYSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (07/24/2014 03:32:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! EmHWID service failed to start due to the following error:
%%127
Error: (07/24/2014 03:27:20 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (07/24/2014 03:26:09 PM) (Source: DCOM) (EventID: 10010) (User: MARYSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (07/22/2014 08:06:12 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (07/22/2014 08:02:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (07/22/2014 07:40:38 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
Error: (07/22/2014 07:40:03 PM) (Source: DCOM) (EventID: 10010) (User: MARYSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Microsoft Office Sessions:
=========================
Error: (07/25/2014 06:31:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (07/24/2014 04:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948b55c01cfa79b38de04beC:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll787ef253-138e-11e4-bea4-78e3b582338c
Error: (07/24/2014 04:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948b41001cfa795c1f88f70C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll03a578fb-1389-11e4-bea4-78e3b582338c
Error: (07/24/2014 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPPU.exe1.0.0.050079e34d2d1.dll6.2.9200.16765528bf8d9c00000050015948b12e401cfa795590085f8C:\Program Files (x86)\Hewlett-Packard\HP Utility Center\HPPU.exeC:\Windows\SYSTEM32\d2d1.dll99ff6f27-1388-11e4-bea4-78e3b582338c
Error: (07/23/2014 03:18:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe10.0.9200.16921e5801cfa6c3e24fe5944294967295C:\Program Files\Internet Explorer\iexplore.exe38ccd5c9-12b7-11e4-bea1-78e3b582338c
Error: (07/23/2014 03:18:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: MARYSPC)
Description: DefaultBrowser_NOPUBLISHERID
Error: (07/22/2014 07:53:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Au_.exe7.3.4.30110a401cfa62066c8f8704294967295C:\Users\Mary\AppData\Local\Temp\~nsu.tmp\Au_.exe74ceb488-1214-11e4-be9f-78e3b582338c
Error: (07/22/2014 07:36:12 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {E290270C-04D7-48D1-8130-BC69A1436508}SYSTEMBroadband Connection 2651
Error: (07/22/2014 07:29:02 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {30C59E6F-A9A8-47AB-886B-5F4787B1433B}SYSTEMBroadband Connection0
Error: (07/22/2014 07:27:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16921152c01cfa61d859f300d16C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd64cc785-1210-11e4-be9e-78e3b582338c
==================== Memory info ===========================
Percentage of memory in use: 41%
Total physical RAM: 3983.27 MB
Available physical RAM: 2346.96 MB
Total Pagefile: 6927.27 MB
Available Pagefile: 5218.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:441.52 GB) (Free:379.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.47 GB) (Free:2.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C2C9F703)
Partition: GPT Partition Type.
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Mary (administrator) on MARYSPC on 25-07-2014 09:25:29
Running from C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGYA9B8R
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-22] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-04-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [Amazon Cloud Player] => C:\Users\Mary\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-25] ()
HKU\S-1-5-21-1681928911-3300868060-4103052442-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-20] (CyberLink Corp.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} => No File
ShellIconOverlayIdentifiers-x32: 1AMPCBOK -> {04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} => C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: 1AMPCBSyncing -> {4d87b7a7-23f1-470c-aa45-96b25b9bd138} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKCU - {172532AD-48B2-42B2-A678-5ACA4B2D1012} URL = http://search.condui...&q={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
FireFox:
========
FF ProfilePath: C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\91j77sxk.default
FF Homepage: hxxp://www.google.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-22]
Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-24]
CHR Extension: (Google Drive) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Search) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Google Wallet) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-24]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-22] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-09] (AVG Technologies)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-25 09:24 - 2014-07-25 09:25 - 00000000 ____D () C:\FRST
2014-07-24 16:40 - 2014-07-24 16:40 - 02093568 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2014-07-24 16:35 - 2014-07-24 16:35 - 00003128 _____ () C:\Windows\System32\Tasks\{6C2F490E-378E-4112-9D3D-AEC7E983A34C}
2014-07-24 16:22 - 2014-07-23 16:47 - 00032313 _____ () C:\zoek-results2014-07-23-234728.log
2014-07-24 16:21 - 2014-07-24 16:21 - 00003102 _____ () C:\Windows\System32\Tasks\{918B5A9A-0319-41C0-B2B5-A7741E21B701}
2014-07-24 16:19 - 2014-07-24 16:36 - 00000022 _____ () C:\Users\Mary\Downloads\zoek.zip
2014-07-24 16:19 - 2014-07-24 16:35 - 00000000 ____D () C:\Users\Mary\Downloads\zoek
2014-07-24 16:16 - 2014-07-24 16:58 - 00000000 ____D () C:\Users\Mary\AppData\Local\CrashDumps
2014-07-24 16:09 - 2014-07-24 16:09 - 00000120 _____ () C:\Users\Mary\Desktop\GEEKS.url
2014-07-24 15:55 - 2014-07-24 15:55 - 00000017 _____ () C:\Users\Mary\AppData\Local\resmon.resmoncfg
2014-07-24 15:37 - 2014-07-24 15:37 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 15:30 - 2014-06-26 13:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 15:30 - 2014-06-26 13:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 15:26 - 2014-07-24 15:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-23 16:42 - 2014-07-24 16:28 - 00035907 _____ () C:\zoek-results.log
2014-07-23 16:39 - 2014-07-23 16:39 - 00000000 ____D () C:\zoek_backup
2014-07-23 15:29 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-23 15:29 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-23 15:29 - 2014-06-10 21:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-23 15:28 - 2014-06-30 15:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-23 15:28 - 2014-06-30 15:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-23 15:28 - 2014-06-30 15:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-23 15:28 - 2014-06-27 20:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-23 15:28 - 2014-06-18 19:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-23 15:28 - 2014-06-18 17:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-23 15:28 - 2014-05-29 16:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-23 15:28 - 2014-05-29 16:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-23 15:28 - 2014-05-29 16:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-23 15:28 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-23 15:27 - 2014-06-18 19:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-23 15:27 - 2014-06-18 19:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-23 15:27 - 2014-06-18 19:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-23 15:27 - 2014-06-18 19:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-23 15:27 - 2014-06-18 19:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-23 15:27 - 2014-06-18 17:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-23 15:27 - 2014-06-18 17:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-23 15:27 - 2014-06-18 17:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-23 15:27 - 2014-06-18 17:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-23 15:27 - 2014-06-18 17:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-23 15:27 - 2014-06-18 17:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-23 15:27 - 2014-06-18 15:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-23 15:27 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-23 15:27 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-23 15:27 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-23 15:27 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-23 15:19 - 2014-07-23 15:19 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\AVAST Software
2014-07-22 20:27 - 2014-07-24 16:08 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-22 20:27 - 2014-07-23 15:17 - 00000000 ____D () C:\Users\Mary\AppData\Local\Google
2014-07-22 20:26 - 2014-07-24 15:32 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-22 20:26 - 2014-07-22 20:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-22 20:26 - 2014-07-22 20:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-22 20:25 - 2014-07-22 20:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-22 20:24 - 2014-07-22 20:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-22 20:24 - 2014-07-22 20:24 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-22 20:15 - 2014-07-22 20:15 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Users\Mary\AppData\Local\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 19:38 - 2014-07-22 19:39 - 00000000 ____D () C:\AdwCleaner
2014-07-22 19:36 - 2014-07-24 15:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-22 18:50 - 2014-07-22 18:50 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 18:50 - 2014-07-22 18:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 18:20 - 2014-07-22 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 18:20 - 2014-07-22 18:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 18:20 - 2014-07-22 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 18:19 - 2014-07-22 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-22 18:19 - 2014-07-22 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 18:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-22 18:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-22 18:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:30 - 2014-07-20 17:30 - 00000493 _____ () C:\Windows\comsetup.log
2014-07-20 17:25 - 2014-07-20 17:30 - 00003795 _____ () C:\Windows\diagwrn.xml
2014-07-20 17:25 - 2014-07-20 17:25 - 00003795 _____ () C:\Windows\diagerr.xml
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-25 09:25 - 2014-07-25 09:24 - 00000000 ____D () C:\FRST
2014-07-25 09:23 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-25 06:31 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\tracing
2014-07-25 05:13 - 2012-12-29 15:57 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1681928911-3300868060-4103052442-1001
2014-07-25 04:58 - 2013-05-28 21:21 - 00000000 ____D () C:\Users\Mary\Documents\Youcam
2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-25 04:57 - 2014-04-25 21:04 - 00000390 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-07-24 16:58 - 2014-07-24 16:16 - 00000000 ____D () C:\Users\Mary\AppData\Local\CrashDumps
2014-07-24 16:40 - 2014-07-24 16:40 - 02093568 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2014-07-24 16:36 - 2014-07-24 16:19 - 00000022 _____ () C:\Users\Mary\Downloads\zoek.zip
2014-07-24 16:35 - 2014-07-24 16:35 - 00003128 _____ () C:\Windows\System32\Tasks\{6C2F490E-378E-4112-9D3D-AEC7E983A34C}
2014-07-24 16:35 - 2014-07-24 16:19 - 00000000 ____D () C:\Users\Mary\Downloads\zoek
2014-07-24 16:28 - 2014-07-23 16:42 - 00035907 _____ () C:\zoek-results.log
2014-07-24 16:21 - 2014-07-24 16:21 - 00003102 _____ () C:\Windows\System32\Tasks\{918B5A9A-0319-41C0-B2B5-A7741E21B701}
2014-07-24 16:19 - 2012-12-29 15:46 - 01314461 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 16:09 - 2014-07-24 16:09 - 00000120 _____ () C:\Users\Mary\Desktop\GEEKS.url
2014-07-24 16:08 - 2014-07-22 20:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-24 15:55 - 2014-07-24 15:55 - 00000017 _____ () C:\Users\Mary\AppData\Local\resmon.resmoncfg
2014-07-24 15:46 - 2014-07-22 19:36 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-24 15:46 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 15:44 - 2014-02-28 10:49 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-07-24 15:37 - 2014-07-24 15:37 - 00281088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 15:37 - 2012-08-03 15:23 - 00817044 _____ () C:\Windows\PFRO.log
2014-07-24 15:36 - 2012-10-12 05:56 - 00000000 ____D () C:\ProgramData\Norton
2014-07-24 15:36 - 2012-07-25 22:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-24 15:32 - 2014-07-22 20:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-24 15:31 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-24 15:29 - 2013-11-21 12:54 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-07-24 15:28 - 2013-04-02 16:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 15:28 - 2013-04-02 16:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 15:26 - 2014-07-24 15:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-24 15:26 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-24 15:26 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-24 15:26 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-24 15:25 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-24 15:25 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-23 16:47 - 2014-07-24 16:22 - 00032313 _____ () C:\zoek-results2014-07-23-234728.log
2014-07-23 16:39 - 2014-07-23 16:39 - 00000000 ____D () C:\zoek_backup
2014-07-23 15:44 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-23 15:34 - 2013-04-02 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 15:29 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-23 15:19 - 2014-07-23 15:19 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\AVAST Software
2014-07-23 15:17 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Mary\AppData\Local\Google
2014-07-22 20:26 - 2014-07-22 20:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-22 20:26 - 2014-07-22 20:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-22 20:26 - 2014-07-22 20:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-22 20:26 - 2014-07-22 20:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-22 20:25 - 2014-07-22 20:25 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-22 20:25 - 2014-07-22 20:24 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-22 20:24 - 2014-07-22 20:24 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-22 20:15 - 2014-07-22 20:15 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Users\Mary\AppData\Local\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 20:15 - 2014-07-22 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 20:15 - 2013-09-23 23:41 - 00000000 ____D () C:\Users\Mary\AppData\Roaming\Mozilla
2014-07-22 19:39 - 2014-07-22 19:38 - 00000000 ____D () C:\AdwCleaner
2014-07-22 19:22 - 2014-07-22 18:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 18:50 - 2014-07-22 18:50 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 18:50 - 2014-07-22 18:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 18:38 - 2014-07-22 18:20 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-22 18:38 - 2014-07-22 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-22 18:38 - 2014-07-22 18:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-22 18:32 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\SchCache
2014-07-22 18:21 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 18:19 - 2014-07-22 18:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 18:19 - 2012-07-26 00:21 - 00060530 _____ () C:\Windows\setupact.log
2014-07-20 17:30 - 2014-07-20 17:30 - 00000493 _____ () C:\Windows\comsetup.log
2014-07-20 17:30 - 2014-07-20 17:25 - 00003795 _____ () C:\Windows\diagwrn.xml
2014-07-20 17:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\Registration
2014-07-20 17:26 - 2014-03-18 04:47 - 00000000 ___HD () C:\$Windows.~BT
2014-07-20 17:25 - 2014-07-20 17:25 - 00003795 _____ () C:\Windows\diagerr.xml
2014-06-30 15:42 - 2014-07-23 15:28 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 15:42 - 2014-07-23 15:28 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-30 15:42 - 2014-07-23 15:28 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-29 08:11 - 2013-09-23 23:41 - 00000258 __RSH () C:\Users\Mary\ntuser.pol
2014-06-29 08:11 - 2012-12-29 15:45 - 00000000 ____D () C:\Users\Mary
2014-06-27 20:35 - 2014-07-23 15:28 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 13:22 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-06-26 13:53 - 2014-07-24 15:30 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 13:53 - 2014-07-24 15:30 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Mary\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mary\AppData\Local\Temp\COMAP.EXE
C:\Users\Mary\AppData\Local\Temp\Extract.exe
C:\Users\Mary\AppData\Local\Temp\oi_{B78A9EA7-A078-4535-A3CA-B58854C7EC10}.exe
C:\Users\Mary\AppData\Local\Temp\Quarantine.exe
C:\Users\Mary\AppData\Local\Temp\SP63599.exe
C:\Users\Mary\AppData\Local\Temp\sp64126.exe
C:\Users\Mary\AppData\Local\Temp\SP65084.exe
C:\Users\Mary\AppData\Local\Temp\SP65787.exe
C:\Users\Mary\AppData\Local\Temp\SP65790.exe
C:\Users\Mary\AppData\Local\Temp\SP65795.exe
C:\Users\Mary\AppData\Local\Temp\SP65802.exe
C:\Users\Mary\AppData\Local\Temp\SP66089.exe
C:\Users\Mary\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mary\AppData\Local\Temp\vcredist_x64.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-22 17:23
==================== End Of Log ============================