Help Malware Rapidly Consuming Free Space [Solved]

Java:Agent-ELL [Trj] Java:Malware-gen [Trj] Java:Agent-GTN [Trj]

#1
Junius


My computer is rapidly consuming available free space on drive C:\

It will soon have no free space available.

I've not been able to determine the cause or stop it.

See history below.

I have no idea how the malware below got on my computer.

History:

June 28, 2014: Computer behaving strangely. Websites distorted after loading. For example, YouTube would load all distorted. If I clicked on a video to view it, I would be taken to another page saying *this video is not available at this time*. This page would be distorted also.

I did the following:

1. I ran Malwarebytes Quick Scan. It found well over 100 (too many to count) of the following:

Vendor: PUP,Optional,CrossRider,A
Location: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8mde7.default\prefs.js

Vendor: PUP:,Optional,InstallCore
Location: C:\Users\Bob\AppData\Local\Temp\dlmFB13.tmp\Alchol120_trial_2.0.2.5830.exe

Vendor: PUP,Optional,CrossFire,A
Location: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\c....


There were about 200+ of these.

I quarantined them in Malwarebytes.

2. Cleared my Firefox browser cache.

After that pages loaded okay and computer stopped behaving strange.


-------------

July 18, 2014: While running Back Ups to Amazon S3 via Cloudberry BackUp Desktop Edition, I noticed my C:\ hard drive was down to 103 GB of available free space. Normally, I only use about 200 GB of space on C:\ drive leaving about 300+ GB of available free space (it's a 600 GB drive). Something seemed to be consuming free drive space at an average of 10 to 20 GB per hour. I contacted Cloudberry Lab to see if it could be related to their backup program. It wasn't.

I then did the following:

1. Ran Avast Quick Scan. No threats found.

2. Ran Avast Full System Scan. No threats found.

3. Ran Avast Boot-Time Scan. The following malware was found:

Original file name: 1cc90452-1359cc8c
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\6.0\18
Size of file: 746
Category: Infected files
Virus description: Java:Malware-gen [Trj]

=======
Original file name: mrwbkwf\atynwkjnucyffvgpg.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\6.0\18\1cc90452-1359cc8c
Size of file: 3355
Category: Infected files
Virus description: Java:Malware-gen [Trj]
========
Original file name: mrwbkwf\cyfbureswrnn.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 398
Category: Infected files
Virus description: Java:Malware-gen [Trj]

=======
Original file name: mrwbkwf\febrrhgdurerjwmwlyffn.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 6710
Category: Infected files
Virus description: Java:Agent-ELL [Trj]
========
Original file name: mrwbkwf\ktcvfwwwrmdnhtfbsenbdryt.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 696
Category: Infected files
Virus description: Java:Agent-GTN [Trj]
=========
Original file name: mrwbkwt\qgnsftgquevrlfu.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 201
Category: Infected files
Virus description: Java:Malware-gen [Trj]
==========
Original file name: mrwbkwt\qrspnnrtgaqrkpdfvhmfjtu.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 2493
Category: Infected files
Virus description: Java:Malware-gen [Trj]
==========
Original file name: mrwbkwt\rjgggeykefgkjugl.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 808
Category: Infected files
Virus description: Java:Malware-gen [Trj]
============
Original file name: mrwbkwt\sgcdtket.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 200
Category: Infected files
Virus description: Java:Malware-gen [Trj]
===========
Original file name: mrwbkwt\wabpgtqsvgmh.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 720
Category: Infected files
Virus description: Java:Malware-gen [Trj]
============

I placed all of these in the Avast Virus Chest.

On the evening of July 18th while running backups to my external hard drive, I noticed free drive space on C:\ drive was disappearing at 20 GB every 10 to 20 minutes or so. I disconnected the external hard drive from my computer.

At this point I had about 85 GB of free space on C:\ left. (Night of 7/18th).

On the morning of July 19th when I first got on the computer, I only had about 65 GB of C:\ free space available. It stayed around that level until the morning of July 20th when it went down to 58 GB. Since then it seems to lose about 5 to 8 GB of free space per day.

Currently, July 23rd, 4:45 pm (CT) it is at 36 GB of available free space.

I've been doing the following in an attempt to slow it down:

Ran Avast Full System and Boot-Time scans 2 times per day ... with No Threats Found.

Ran Malwarebytes Threat Scan 2 times per day ... with No Threats Found.

Ran SpywareBlaster (it's on all the time).

Ran CCleaner once per day.

Ran MyTurboPC 3 to 4 times per day to free up disk space.

Ran Windows Disk Cleaner multiple times per day to free up disk space.

Last night, July 22nd, C:\ drive was at 58.6 GB. This morning it was at 44.1 GB free space. Then went up to 45.6 GB. An hour later it dropped to 36.4 GB.

In an effort to free up more space on C:\ drive I've also been deleting old data files, video files, photo and image files on my computer that I no longer use or need.

Hopefully, I can maintain some free space on C:\ drive until you are able to assist me with fixing whatever is causing this.

Thank you in advance for your speedy attention to this matter.

Bob

------------------------------

Below is a copy of the OTL Logfile:
-------------------------------

OTL logfile created on: 7/23/2014 4:55:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.93 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 67.77% Memory free
11.86 Gb Paging File | 9.73 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.56 Gb Total Space | 36.49 Gb Free Space | 6.24% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 1.64 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
 
Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/23 11:17:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2014/06/29 03:29:48 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014/06/29 03:29:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/19 13:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/09 21:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/09 21:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2012/06/04 11:43:32 | 001,057,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/07 15:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/03 14:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/29 03:29:49 | 019,329,904 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014/06/29 03:29:48 | 000,301,152 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MOD - [2014/05/15 03:27:30 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/15 03:27:26 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 05:38:34 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:58:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5939ca2869d7b8acc98bc216519d6bca\System.Xml.ni.dll
MOD - [2014/02/12 04:58:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:58:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:57:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 04:57:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:57:39 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/03 14:43:14 | 001,703,936 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 14:34:18 | 003,764,224 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/03/26 16:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/03/17 06:39:46 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/06 20:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/29 03:29:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/06/18 19:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/09 21:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/22 10:38:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/08 16:52:34 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/05 04:50:50 | 000,061,440 | ---- | M] (CloudBerry Lab Inc.) [Auto | Running] -- C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe -- (CloudBerry Backup Service)
SRV - [2014/04/28 17:40:27 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/04/28 17:40:27 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 13:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/09 21:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/05 10:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/16 17:36:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/03 12:57:26 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Cincopa\cincopaAgent.exe -- (cincopaAgent)
SRV - [2010/07/04 11:17:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/29 13:16:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/23 15:23:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/04 15:29:56 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/06/29 03:29:51 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/06/29 03:29:51 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/06/29 03:29:51 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/06/29 03:29:50 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/06/29 03:29:50 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/06/29 03:29:50 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/06/29 03:29:50 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/02/25 18:11:47 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/12/05 03:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 08:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 05:34:50 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AC6C70BA-D774-4C32-A269-7BFEA5CA2226}
IE:64bit: - HKLM\..\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{AC6C70BA-D774-4C32-A269-7BFEA5CA2226}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AC6C70BA-D774-4C32-A269-7BFEA5CA2226}
IE - HKLM\..\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{AC6C70BA-D774-4C32-A269-7BFEA5CA2226}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {AC6C70BA-D774-4C32-A269-7BFEA5CA2226}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: viewtubetraintoolbar%40viewtubetrain.com:0.03
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.15
FF - prefs.js..extensions.enabledAddons: %7B7CEA821D-3DAB-4238-B424-BF7324531750%7D:0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/06/29 03:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/22 10:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/07/16 21:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions
[2013/12/25 10:38:02 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\[email protected]
[2012/05/14 10:50:37 | 000,009,994 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\[email protected]
[2014/06/24 23:09:58 | 000,265,248 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi
[2014/07/22 10:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/22 10:38:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_1\
CHR - Extension: Google Wallet = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/07/13 09:25:19 | 000,449,956 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15471 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk = C:\Users\Bob\AppData\Roaming\Leadertech\PowerRegister\Epson scanner Registration.exe (Leader Technologies/Epson)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O16 - DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{402023E8-C102-46E6-B31E-8020B90FC5CA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: ({DLL_Str}) -  File not found
O20 - AppInit_DLLs: ({DLL_Str}) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/23 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/23 15:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/23 15:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/07/23 11:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/07/23 11:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/07/23 11:17:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2014/07/23 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\MyTurboPC.com
[2014/07/23 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\DriverCure
[2014/07/23 09:04:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
[2014/07/23 09:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MyTurboPC.com
[2014/07/23 09:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/07/23 09:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTurboPC.com
[2014/07/22 10:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/13 18:03:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\CB Affiliate Ads
[2014/07/04 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Cloudberry
[2014/06/29 03:29:50 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/28 22:23:07 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/28 22:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/28 22:22:52 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/28 22:22:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/28 22:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2012/07/17 00:37:30 | 001,268,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/23 16:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/23 16:23:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/23 15:29:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 15:29:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 15:25:38 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2014/07/23 15:23:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/23 15:20:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/23 15:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/23 15:18:47 | 479,522,815 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/23 14:49:17 | 006,500,352 | ---- | M] () -- C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-23.QDF-backup
[2014/07/23 11:39:52 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/23 11:17:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2014/07/23 11:13:06 | 000,000,547 | ---- | M] () -- C:\Windows\tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
[2014/07/23 09:35:43 | 000,001,185 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
[2014/07/23 09:33:53 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3_triggeronce.job
[2014/07/23 09:33:53 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2014/07/23 09:33:52 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2014/07/23 09:04:47 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2014/07/23 09:04:47 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\CloudBerry Online Backup.lnk
[2014/07/23 09:04:47 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2014/07/23 09:04:47 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/23 09:04:47 | 000,002,179 | ---- | M] () -- C:\Users\Bob\Desktop\HP Support Assistant.lnk
[2014/07/23 09:04:47 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/07/23 09:04:47 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2014/07/23 09:04:47 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression 2.lnk
[2014/07/23 09:04:47 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
[2014/07/23 09:04:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2014/07/23 09:04:47 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/07/23 09:04:47 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Traffic Hybrid Software.lnk
[2014/07/23 09:04:47 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/07/23 09:04:47 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/07/23 09:04:47 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/07/23 09:04:47 | 000,001,829 | ---- | M] () -- C:\Users\Bob\Desktop\Cincopa.lnk
[2014/07/23 09:04:47 | 000,001,764 | ---- | M] () -- C:\Users\Bob\Desktop\Quicken Home & Business 2010.lnk
[2014/07/23 09:04:47 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2014/07/23 09:04:47 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2014/07/23 09:04:47 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
[2014/07/23 09:04:47 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2014/07/23 09:04:47 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/07/23 09:04:47 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2014/07/23 09:04:47 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
[2014/07/23 09:04:47 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\SAT.lnk
[2014/07/23 09:04:24 | 000,001,122 | ---- | M] () -- C:\Users\Bob\Desktop\MyTurboPC.lnk
[2014/07/22 23:27:10 | 000,001,437 | ---- | M] () -- C:\Users\Bob\Desktop\Spybot - Search & Destroy.lnk
[2014/07/22 21:58:19 | 000,007,622 | ---- | M] () -- C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
[2014/07/22 10:53:34 | 000,002,046 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/07/21 19:06:30 | 000,002,386 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2014/07/19 05:11:43 | 000,001,919 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2014/07/16 02:05:23 | 000,000,175 | ---- | M] () -- C:\ProgramData\LockFilePath.ini
[2014/07/13 09:25:19 | 000,449,956 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/09 03:21:38 | 000,360,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/08 00:50:44 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/04 15:29:56 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/30 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/29 03:30:00 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/29 03:29:51 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/29 03:29:51 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/29 03:29:51 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/29 03:29:50 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/29 03:29:50 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/29 03:29:50 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/29 03:29:50 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/29 03:29:50 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/29 03:29:50 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
 
========== Files Created - No Company Name ==========
 
[2014/07/23 11:39:52 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/23 09:04:33 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2014/07/23 09:04:24 | 000,001,122 | ---- | C] () -- C:\Users\Bob\Desktop\MyTurboPC.lnk
[2014/07/23 09:04:24 | 000,000,547 | ---- | C] () -- C:\Windows\tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
[2014/07/23 09:04:24 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Update3_triggeronce.job
[2014/07/23 09:04:24 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2014/07/23 02:21:07 | 006,500,352 | ---- | C] () -- C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-23.QDF-backup
[2014/01/13 13:35:53 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/26 19:26:02 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/08/26 19:26:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/08/26 19:26:02 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/08/26 19:26:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/08/26 19:26:02 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/08/26 19:26:02 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/08/26 19:26:02 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/08/26 19:26:02 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/08/26 19:26:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/08/26 19:26:02 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/08/26 19:26:02 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/08/26 19:26:02 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/08/26 19:26:02 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/08/26 19:26:02 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/08/26 19:26:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/08/26 19:26:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/26 19:24:12 | 000,000,061 | ---- | C] () -- C:\Windows\PERFV37_370.ini
[2013/03/11 15:13:43 | 000,007,622 | ---- | C] () -- C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
[2012/07/17 00:00:07 | 3171,472,343 | ---- | C] () -- C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.7z
[2012/07/02 11:42:32 | 000,006,144 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 16:21:24 | 000,001,144 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\wklnhst.dat
[2011/05/23 04:57:34 | 000,000,175 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2010/07/15 22:02:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/07/11 13:30:04 | 000,037,780 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpBOB AT ROUND TOP, OAHU, HI.JPG
[2010/05/21 10:59:50 | 003,095,040 | ---- | C] () -- C:\Users\Bob\openofficeorg32.msi
[2010/05/21 10:58:20 | 000,460,088 | ---- | C] () -- C:\Users\Bob\setup.exe
[2010/05/21 10:56:06 | 135,115,913 | ---- | C] () -- C:\Users\Bob\openofficeorg1.cab
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/20 03:32:17 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\AVAST Software
[2013/09/02 02:22:36 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\chc
[2012/09/21 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/28 10:49:19 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/07/23 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\CoreFTP
[2014/07/23 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DriverCure
[2011/10/29 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\EbkReader
[2013/08/29 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Epson
[2014/07/23 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FileZilla
[2012/06/27 22:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FLV Extract
[2010/07/09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\iWin
[2010/12/21 14:55:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\JonathanLeger.com
[2011/11/28 17:26:06 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\KompoZer
[2013/08/26 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2014/07/23 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\MyTurboPC.com
[2011/05/16 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\No Company Name
[2010/07/07 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Notepad++
[2014/05/16 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice
[2010/07/07 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2014/06/14 20:12:20 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Oracle
[2011/09/10 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2010/07/03 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PictureMover
[2012/06/24 09:55:15 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Template
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Thunderbird
[2012/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WildTangent
[2010/07/11 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WildTangentv1001
[2010/07/08 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >



 




#2
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi Junius,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.
  • If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed.
  • We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.
  • All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.
  • If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.
  • Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

Let's get started....

I appreciate the OTL log but I would like to get a closer look at your system by using a different scanner.
Please download FRST64.exe from here and save it to your Desktop.

 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Thank you.



#3
Junius

    Member

  • Topic Starter
  • 34 posts

Hello dbreeze,

 

Thank you for your prompt reply. I'll run the scans you requested and post them here as soon as they are completed this evening.

 

After that I'll update my Backups on Amazon S3.

 

Right now I only have 36 GB of free space on C:\ drive. So after I finish updating Backups I'll delete some document and video files from my computer to free up more space on C:\ drive.

 

Question: What happens if ALL the free space on C:\ drive gets used up? Does the computer crash and burn?! Just curious.

 

junius



#4
Junius

    Member

  • Topic Starter
  • 34 posts

dbreeze,

 

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Bob (administrator) on BOB-PC on 23-07-2014 20:28:20
Running from C:\Users\Bob\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(ArcSoft, Inc.) C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Akamai Technologies, Inc.) C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Akamai Technologies, Inc.) C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CloudBerry Lab Inc.) C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057408 2012-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-06-29] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-09-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
ShortcutTarget: Epson scanner Registration.lnk -> C:\Users\Bob\AppData\Roaming\Leadertech\PowerRegister\Epson scanner Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {AC6C70BA-D774-4C32-A269-7BFEA5CA2226} URL =
SearchScopes: HKCU - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\[email protected] [2013-12-01]
FF Extension: ViewTubeTrain Toolbar Beta - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\[email protected] [2012-05-14]
FF Extension: S3 Firefox Organizer(S3Fox) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi [2014-06-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-11]

Chrome:
=======
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-26]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-26]
CHR Extension: (avast! Online Security) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-06-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-06-29] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 BackupService; C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 cincopaAgent; C:\Program Files (x86)\Cincopa\cincopaAgent.exe [20480 2011-01-03] () [File not signed]
R2 CloudBerry Backup Service; C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe [61440 2014-06-05] (CloudBerry Lab Inc.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-07-04] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-06-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-28] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-29] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-25] (Duplex Secure Ltd.)
U3 altfp3xo; C:\Windows\System32\Drivers\altfp3xo.sys [0 ] (Advanced Micro Devices)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-23 20:28 - 2014-07-23 20:28 - 00023328 ____C () C:\Users\Bob\Desktop\FRST.txt
2014-07-23 20:28 - 2014-07-23 20:28 - 00000000 ___DC () C:\FRST
2014-07-23 20:25 - 2014-07-23 20:25 - 02093568 ____C (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-07-23 17:01 - 2014-07-23 17:02 - 00114814 ____C () C:\Users\Bob\Desktop\OTL.Txt
2014-07-23 15:20 - 2014-07-23 15:20 - 00000000 ____C () C:\Users\Bob\Sti_Trace.log
2014-07-23 15:19 - 2014-07-23 15:20 - 00000168 _____ () C:\Windows\setupact.log
2014-07-23 15:19 - 2014-07-23 15:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-23 15:18 - 2014-07-23 15:18 - 00005392 _____ () C:\Windows\PFRO.log
2014-07-23 15:04 - 2014-07-23 15:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-23 15:04 - 2014-07-23 15:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 15:03 - 2014-07-23 15:03 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-07-23 11:39 - 2014-07-23 11:39 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-23 11:39 - 2014-07-23 11:39 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\Program Files\CCleaner
2014-07-23 11:26 - 2014-07-23 11:26 - 00090832 _____ () C:\Users\Bob\Downloads\Extras.Txt
2014-07-23 11:25 - 2014-07-23 11:25 - 00112290 _____ () C:\Users\Bob\Downloads\OTL.Txt
2014-07-23 11:17 - 2014-07-23 11:17 - 00602112 ____C (OldTimer Tools) C:\Users\Bob\Desktop\OTL.exe
2014-07-23 09:04 - 2014-07-23 18:00 - 00000472 _____ () C:\Windows\Tasks\MyTurboPC.com Registration3.job
2014-07-23 09:04 - 2014-07-23 11:13 - 00000547 _____ () C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
2014-07-23 09:04 - 2014-07-23 09:33 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job
2014-07-23 09:04 - 2014-07-23 09:33 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3.job
2014-07-23 09:04 - 2014-07-23 09:04 - 00003972 _____ () C:\Windows\System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC
2014-07-23 09:04 - 2014-07-23 09:04 - 00003248 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3
2014-07-23 09:04 - 2014-07-23 09:04 - 00003132 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Registration3
2014-07-23 09:04 - 2014-07-23 09:04 - 00002910 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce
2014-07-23 09:04 - 2014-07-23 09:04 - 00001122 ____C () C:\Users\Bob\Desktop\MyTurboPC.lnk
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\DriverCure
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\ProgramData\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Program Files (x86)\MyTurboPC.com
2014-07-23 08:34 - 2014-07-23 08:34 - 00000021 ____C () C:\Users\Bob\Desktop\avast scan virus code for ref.txt
2014-07-23 02:21 - 2014-07-23 14:49 - 06500352 ____C () C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-23.QDF-backup
2014-07-22 10:38 - 2014-07-23 09:31 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ___DC () C:\Users\Bob\Documents\CB Affiliate Ads
2014-07-09 00:34 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 00:34 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 00:34 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 00:34 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:34 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 00:34 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 00:34 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 00:34 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 00:34 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 00:34 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 00:34 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 00:34 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 00:34 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 00:34 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 00:34 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:34 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 00:34 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 00:34 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 00:34 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 00:34 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 00:34 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 00:34 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 00:34 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 00:34 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 00:34 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 00:34 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 00:34 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:34 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 00:34 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 00:34 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 00:34 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 00:34 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 00:34 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 00:34 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 00:34 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:34 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 00:34 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 00:34 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:34 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:34 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:34 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 00:34 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:34 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 00:34 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:34 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:34 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 00:34 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:34 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:34 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:34 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 00:34 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:34 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 00:34 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 00:34 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 00:34 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:33 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 00:33 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 00:33 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 00:33 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 00:33 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 00:33 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 00:33 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 00:33 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 00:33 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 00:32 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:32 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 00:32 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 00:47 - 2014-07-08 00:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 14:40 - 2014-07-04 14:41 - 00000000 ___DC () C:\Users\Bob\Documents\Cloudberry
2014-06-29 03:29 - 2014-06-29 03:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-28 22:23 - 2014-07-23 15:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 22:22 - 2014-07-08 00:50 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 22:22 - 2014-07-08 00:50 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 22:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 22:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-23 20:28 - 2014-07-23 20:28 - 00023328 ____C () C:\Users\Bob\Desktop\FRST.txt
2014-07-23 20:28 - 2014-07-23 20:28 - 00000000 ___DC () C:\FRST
2014-07-23 20:25 - 2014-07-23 20:25 - 02093568 ____C (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-07-23 20:23 - 2010-07-16 20:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 19:52 - 2012-03-29 09:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 18:00 - 2014-07-23 09:04 - 00000472 _____ () C:\Windows\Tasks\MyTurboPC.com Registration3.job
2014-07-23 17:02 - 2014-07-23 17:01 - 00114814 ____C () C:\Users\Bob\Desktop\OTL.Txt
2014-07-23 15:29 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 15:29 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 15:25 - 2010-07-04 16:11 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBob
2014-07-23 15:25 - 2010-07-04 16:11 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBob.job
2014-07-23 15:25 - 2010-06-29 15:19 - 01818634 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 15:23 - 2014-06-28 22:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 15:20 - 2014-07-23 15:20 - 00000000 ____C () C:\Users\Bob\Sti_Trace.log
2014-07-23 15:20 - 2014-07-23 15:19 - 00000168 _____ () C:\Windows\setupact.log
2014-07-23 15:20 - 2010-07-16 20:14 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 15:20 - 2010-07-03 18:51 - 00000000 ___DC () C:\Users\Bob
2014-07-23 15:19 - 2014-07-23 15:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-23 15:19 - 2010-06-29 13:15 - 00000000 ___DC () C:\ProgramData\NVIDIA
2014-07-23 15:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 15:18 - 2014-07-23 15:18 - 00005392 _____ () C:\Windows\PFRO.log
2014-07-23 15:04 - 2014-07-23 15:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-23 15:04 - 2014-07-23 15:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 15:04 - 2013-09-22 03:18 - 00000000 ___DC () C:\ProgramData\Oracle
2014-07-23 15:03 - 2014-07-23 15:03 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-07-23 14:49 - 2014-07-23 02:21 - 06500352 ____C () C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-23.QDF-backup
2014-07-23 11:41 - 2012-11-26 16:01 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\FileZilla
2014-07-23 11:41 - 2010-07-09 17:27 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\CoreFTP
2014-07-23 11:41 - 2010-07-06 21:13 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2014-07-23 11:40 - 2010-07-05 20:23 - 00000000 ___DC () C:\Users\Bob\AppData\Local\MigWiz
2014-07-23 11:39 - 2014-07-23 11:39 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-23 11:39 - 2014-07-23 11:39 - 00000784 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\Program Files\CCleaner
2014-07-23 11:26 - 2014-07-23 11:26 - 00090832 _____ () C:\Users\Bob\Downloads\Extras.Txt
2014-07-23 11:25 - 2014-07-23 11:25 - 00112290 _____ () C:\Users\Bob\Downloads\OTL.Txt
2014-07-23 11:17 - 2014-07-23 11:17 - 00602112 ____C (OldTimer Tools) C:\Users\Bob\Desktop\OTL.exe
2014-07-23 11:13 - 2014-07-23 09:04 - 00000547 _____ () C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
2014-07-23 09:35 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-23 09:33 - 2014-07-23 09:04 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job
2014-07-23 09:33 - 2014-07-23 09:04 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3.job
2014-07-23 09:31 - 2014-07-22 10:38 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 09:31 - 2014-06-11 09:57 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-23 09:31 - 2013-08-26 19:33 - 00000000 ___DC () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-07-23 09:31 - 2011-03-30 07:28 - 00000000 ___DC () C:\ProgramData\NVIDIA Corporation
2014-07-23 09:31 - 2010-11-01 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 09:31 - 2010-09-06 21:14 - 00000000 ___DC () C:\Users\Bob\Desktop\KompoZer 0.7.10
2014-07-23 09:31 - 2010-07-08 09:15 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\hpqLog
2014-07-23 09:31 - 2010-07-04 00:48 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Adobe
2014-07-23 09:31 - 2010-07-03 18:57 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\HpUpdate
2014-07-23 09:31 - 2010-07-03 18:56 - 00000000 ___DC () C:\Users\Bob\AppData\Local\PowerCinema
2014-07-23 09:31 - 2010-06-29 14:04 - 00000000 ____D () C:\Windows\Panther
2014-07-23 09:31 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-07-23 09:30 - 2010-12-21 14:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstantArticleWizard
2014-07-23 09:30 - 2010-07-09 17:25 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core FTP
2014-07-23 09:04 - 2014-07-23 09:04 - 00003972 _____ () C:\Windows\System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC
2014-07-23 09:04 - 2014-07-23 09:04 - 00003248 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3
2014-07-23 09:04 - 2014-07-23 09:04 - 00003132 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Registration3
2014-07-23 09:04 - 2014-07-23 09:04 - 00002910 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce
2014-07-23 09:04 - 2014-07-23 09:04 - 00001122 ____C () C:\Users\Bob\Desktop\MyTurboPC.lnk
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\DriverCure
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\ProgramData\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Program Files (x86)\MyTurboPC.com
2014-07-23 09:04 - 2014-06-21 12:43 - 00002265 _____ () C:\Users\Public\Desktop\CloudBerry Online Backup.lnk
2014-07-23 09:04 - 2014-05-16 13:33 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-23 09:04 - 2014-02-25 18:14 - 00001142 _____ () C:\Users\Public\Desktop\Alcohol 120%.lnk
2014-07-23 09:04 - 2014-02-03 19:55 - 00002179 ____C () C:\Users\Bob\Desktop\HP Support Assistant.lnk
2014-07-23 09:04 - 2013-12-10 13:04 - 00002174 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-07-23 09:04 - 2013-08-26 19:32 - 00002114 _____ () C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
2014-07-23 09:04 - 2013-08-26 19:30 - 00002115 _____ () C:\Users\Public\Desktop\Media Impression 2.lnk
2014-07-23 09:04 - 2013-03-18 13:03 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-23 09:04 - 2013-03-03 10:15 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-07-23 09:04 - 2012-11-26 16:01 - 00001962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-07-23 09:04 - 2012-07-16 23:44 - 00000959 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-07-23 09:04 - 2012-02-26 12:30 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-23 09:04 - 2012-02-05 16:25 - 00002102 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-07-23 09:04 - 2011-08-04 13:37 - 00002060 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-23 09:04 - 2011-07-24 22:37 - 00001853 ____C () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Cincopa.lnk
2014-07-23 09:04 - 2011-07-24 22:37 - 00001829 ____C () C:\Users\Bob\Desktop\Cincopa.lnk
2014-07-23 09:04 - 2011-05-16 21:39 - 00001764 ____C () C:\Users\Bob\Desktop\Quicken Home & Business 2010.lnk
2014-07-23 09:04 - 2011-05-16 21:05 - 00001187 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-16 21:05 - 00001175 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-16 17:36 - 00002139 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-16 17:36 - 00002127 _____ () C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-08 11:18 - 00001112 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00002448 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00001420 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00001336 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00001267 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-07-23 09:04 - 2011-01-18 00:48 - 00000823 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAT.lnk
2014-07-23 09:04 - 2011-01-18 00:48 - 00000811 _____ () C:\Users\Public\Desktop\SAT.lnk
2014-07-23 09:04 - 2010-11-02 16:22 - 00002048 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-23 09:04 - 2010-08-21 17:58 - 00001985 _____ () C:\Users\Public\Desktop\Traffic Hybrid Software.lnk
2014-07-23 09:04 - 2010-07-09 17:25 - 00000971 _____ () C:\Users\Public\Desktop\Core FTP Lite.lnk
2014-07-23 09:04 - 2010-07-07 14:18 - 00001047 _____ () C:\Users\Public\Desktop\Notepad++.lnk
2014-07-23 09:04 - 2010-07-04 16:39 - 00001009 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
2014-07-23 09:04 - 2010-07-04 16:39 - 00000997 _____ () C:\Users\Public\Desktop\Acrobat_com.lnk
2014-07-23 09:04 - 2010-07-04 11:17 - 00002323 _____ () C:\Users\Public\Desktop\Creative Product Registration.lnk
2014-07-23 09:04 - 2010-07-04 00:56 - 00001941 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002308 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002282 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002276 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002264 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-07-23 09:04 - 2010-06-29 13:30 - 00001109 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-07-23 09:04 - 2010-06-29 13:22 - 00002167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2014-07-23 08:34 - 2014-07-23 08:34 - 00000021 ____C () C:\Users\Bob\Desktop\avast scan virus code for ref.txt
2014-07-23 02:42 - 2010-07-15 10:35 - 00000000 ____D () C:\Users\Bob\Documents\Silverfox trading post test drafts
2014-07-23 02:36 - 2010-07-13 16:42 - 00000000 ___DC () C:\Users\Bob\Documents\My Blog Sites
2014-07-23 02:00 - 2010-07-04 16:39 - 00000000 ___DC () C:\Users\Bob\AppData\Local\Adobe
2014-07-22 23:27 - 2010-07-06 21:13 - 00001437 ____C () C:\Users\Bob\Desktop\Spybot - Search & Destroy.lnk
2014-07-22 21:58 - 2013-03-11 15:13 - 00007622 ____C () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2014-07-22 13:38 - 2010-07-14 03:28 - 00000000 ____D () C:\Users\Bob\Documents\My eBooks
2014-07-22 13:18 - 2012-05-02 13:06 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-22 10:53 - 2014-06-21 08:02 - 00107008 __SHC () C:\Users\Bob\Desktop\Thumbs.db
2014-07-22 10:52 - 2010-08-05 14:10 - 00000000 ____D () C:\Users\Bob\Documents\UN PW SQ
2014-07-22 10:13 - 2011-06-30 14:03 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster
2014-07-22 10:13 - 2010-06-29 13:19 - 00000000 ___DC () C:\ProgramData\Temp
2014-07-21 19:06 - 2011-01-30 12:04 - 00002386 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-07-21 19:06 - 2009-07-14 00:32 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-21 09:43 - 2014-06-21 12:43 - 00000000 ___DC () C:\ProgramData\CloudBerry Online Backup
2014-07-20 00:55 - 2011-11-12 02:33 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-19 17:42 - 2012-07-01 14:04 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-16 02:05 - 2011-05-23 04:57 - 00000175 ____C () C:\ProgramData\LockFilePath.ini
2014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ___DC () C:\Users\Bob\Documents\CB Affiliate Ads
2014-07-09 04:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 03:21 - 2009-07-13 23:45 - 00360272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:20 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:20 - 2009-07-14 02:47 - 00000000 ___DC () C:\Program Files\Windows Journal
2014-07-09 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2010-07-08 15:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:52 - 2012-03-29 09:30 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:52 - 2012-03-29 09:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:52 - 2011-05-18 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 00:50 - 2014-06-28 22:22 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 00:50 - 2014-06-28 22:22 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 00:50 - 2011-12-28 12:06 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 00:48 - 2014-07-08 00:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 22:23 - 2011-05-08 12:28 - 00000000 ___DC () C:\Users\Bob\Documents\Invoices
2014-07-04 15:29 - 2010-07-04 01:09 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-04 14:41 - 2014-07-04 14:40 - 00000000 ___DC () C:\Users\Bob\Documents\Cloudberry
2014-06-30 10:00 - 2010-06-30 14:27 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-06-29 21:09 - 2014-07-09 00:34 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-09 00:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 19:51 - 2011-03-30 06:50 - 00000000 ___DC () C:\Users\Bob\AppData\Local\Windows Live
2014-06-29 03:30 - 2010-07-04 01:09 - 00001979 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-29 03:29 - 2014-06-29 03:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-29 03:29 - 2014-05-04 00:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-29 03:29 - 2014-01-10 23:30 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-29 03:29 - 2013-03-03 10:23 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-29 03:29 - 2013-03-03 10:23 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-29 03:29 - 2012-02-26 12:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-29 03:29 - 2011-06-11 09:46 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-29 03:29 - 2011-01-20 08:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-29 03:29 - 2010-07-04 01:09 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-28 23:05 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-06-28 22:22 - 2011-06-14 13:53 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Malwarebytes
2014-06-28 22:22 - 2011-06-14 13:53 - 00000000 ___DC () C:\ProgramData\Malwarebytes

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.exe
C:\Users\Bob\setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 07:35

==================== End Of Log ============================



#5
Junius


dbreeze,

Additional scan log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by Bob at 2014-07-23 20:28:55
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 (HKLM-x32\...\PremElem80) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 (x32 Version: 8.0.1 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 8.0 Templates (HKLM-x32\...\PremElem80Templates) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 8.0 Templates (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cincopa Agent Application  (HKLM\...\Cincopa Agent Application) (Version:  - Cincopa)
CloudBerry Online Backup 3.9 (HKLM\...\CloudBerry Online Backup) (Version: 3.9 - CloudBerryLab)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Core FTP LE 2.1 (HKLM-x32\...\Core FTP LE 2.1) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.12 - Creative Technology Limited)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Document Capture Pro (HKLM-x32\...\{B4A3C072-87AF-4937-880D-3D7997111C0D}) (Version: 1.01.0000 - Seiko Epson Corporation)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{148C8BF9-E1B4-445D-AC67-2CABAE63949A}) (Version: 3.01.0009 - Seiko Epson Corporation)
EPSON Perfection V370 Photo Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON Perfection V370 Photo_is1) (Version: 3.0.2.0 - Epson America Inc.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.12.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyTurboPC (HKLM-x32\...\{A2F37CA8-53F8-4594-B701-32AE64BAED1A}) (Version: 3.2.3.0 - MyTurboPC.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.7 - )
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.5.3 - Intuit)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
SAT (HKLM-x32\...\SAT) (Version: v1 - UNKNOWN)
SAT (x32 Version: 1 - UNKNOWN) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Quicktracks for Premiere Elements 8.0 (HKLM-x32\...\InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 8.0 (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version: 1.0 - Creative Technology Limited)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Traffic Hybrid Software v2.01 (HKLM-x32\...\Traffic Hybrid Software_is1) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Website Legal Forms Generator (HKLM-x32\...\{08A91C9F-2BA3-4288-95DA-2FE397165981}) (Version: 2.0.0 - Internet Attorneys Association LLC)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID entries: ==========================

(Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

16-06-2014 05:00:24 Windows Backup
17-06-2014 05:00:24 Windows Backup
17-06-2014 10:10:13 Windows Update
18-06-2014 05:00:25 Windows Backup
19-06-2014 05:00:23 Windows Backup
20-06-2014 05:00:25 Windows Backup
21-06-2014 05:00:30 Windows Backup
23-06-2014 05:00:24 Windows Backup
23-06-2014 08:00:10 Windows Update
24-06-2014 05:00:26 Windows Backup
25-06-2014 04:32:00 Restore Operation
25-06-2014 05:03:09 Windows Backup
26-06-2014 05:00:26 Windows Backup
27-06-2014 05:00:28 Windows Backup
27-06-2014 08:27:58 Windows Update
28-06-2014 05:00:22 Windows Backup
29-06-2014 05:00:28 Windows Backup
29-06-2014 08:28:55 avast! antivirus system restore point
30-06-2014 05:00:26 Windows Backup
01-07-2014 05:00:25 Windows Backup
01-07-2014 09:30:43 Windows Update
02-07-2014 05:00:30 Windows Backup
03-07-2014 05:00:23 Windows Backup
04-07-2014 05:00:28 Windows Backup
05-07-2014 05:00:25 Windows Backup
06-07-2014 05:00:36 Windows Backup
07-07-2014 05:00:28 Windows Backup
08-07-2014 05:00:29 Windows Backup
08-07-2014 08:23:10 Windows Update
09-07-2014 05:00:28 Windows Backup
09-07-2014 08:00:17 Windows Update
10-07-2014 05:00:24 Windows Backup
11-07-2014 05:00:25 Windows Backup
11-07-2014 08:45:20 HPSF Restore Point
12-07-2014 05:00:25 Windows Backup
13-07-2014 05:00:32 Windows Backup
14-07-2014 05:00:27 Windows Backup
15-07-2014 05:00:27 Windows Backup
15-07-2014 08:48:02 Windows Update
16-07-2014 05:00:27 Windows Backup
17-07-2014 05:00:26 Windows Backup
18-07-2014 05:00:21 Windows Backup
19-07-2014 05:00:34 Windows Backup
20-07-2014 05:01:14 Windows Backup
22-07-2014 07:36:45 Windows Update
23-07-2014 14:30:33 MyTurboPC Backup
23-07-2014 14:49:06 MyTurboPC Backup
23-07-2014 16:08:49 Removed JavaFX 2.1.1
23-07-2014 16:10:05 Removed Java 7 Update 65
23-07-2014 20:03:36 Installed Java 7 Update 65
23-07-2014 20:17:44 MyTurboPC Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-13 09:25 - 00449956 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A4B6BAE-D05A-47E7-9606-AAFD9318ECD2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {0B873C99-F309-4751-B8AC-829584557742} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {128B2DEF-F16C-4039-870C-9820260410FB} - System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-09] (MyTurboPC.com)
Task: {1517BE6E-AAB2-4965-AA56-2B6875DFAF87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-16] (Google Inc.)
Task: {32222C6F-2CBE-4345-8898-067DB8BC02F4} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {41C6EBAD-AA15-42AD-8206-36F159D5046D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-16] (Google Inc.)
Task: {55B60045-2122-46C3-8D62-11F2F6B57CE4} - System32\Tasks\HPCeeScheduleForBob => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {57A5B2D1-BDAB-4558-8A35-DACCBBFB52D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {5A795AA0-6FBC-4053-B50F-DC548808D10B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {838343F9-3362-475C-92DF-892A3CAEF66D} - System32\Tasks\AdobeAAMUpdater-1.0-Bob-PC-Bob => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {86D84C27-1961-4555-9837-F16B59C0BCB6} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns
Task: {963A97A9-E537-40FA-8CF3-41D2BD83989C} - System32\Tasks\MyTurboPC.com Update3 => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe [2014-05-09] (MyTurboPC.com)
Task: {A33CBE55-289A-4D66-A4FD-5870E5434CB5} - System32\Tasks\MyTurboPC.com Update3_triggeronce => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe [2014-05-09] (MyTurboPC.com)
Task: {A445A0CC-580E-4C60-ADE1-91F2670854E5} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {B9E9E7C6-417C-41A8-A854-EB4EC46AE60E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C0A732A1-C1EA-4A79-8FA9-89DF25A1A93B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C1DE9713-742A-4DE3-B759-807EF2245029} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D557B8D6-A090-4EEA-B3BE-1EEBF102FA15} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {D72CEC2E-3A49-4AD6-AD0E-3DDF16A00846} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-06-29] (AVAST Software)
Task: {E327E5A8-C868-4E29-A261-76FD44287A59} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {FC522ADF-1D6E-4390-BA90-C66521312F18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {FD6FDCA0-FE73-45EA-8149-8ADE33BE074F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBob.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll
Task: C:\Windows\Tasks\MyTurboPC.com Update3.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2014-01-13 12:52 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-11-24 18:36 - 2009-11-24 18:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2009-09-14 18:17 - 2009-09-14 18:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2011-05-22 12:06 - 2011-05-26 14:14 - 00477080 ____C () C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
2014-06-05 04:50 - 2014-06-05 04:50 - 00836096 _____ () C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerryLab.Backup.Engine.XmlSerializers.dll
2014-06-29 03:29 - 2014-06-29 03:29 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-07-23 15:03 - 2014-07-23 15:03 - 02794496 _____ () C:\Program Files\Alwil Software\Avast5\defs\14072300\algo.dll
2010-07-03 18:52 - 2009-06-03 14:34 - 03764224 _____ () C:\Users\Bob\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2010-07-03 18:52 - 2009-06-03 14:43 - 01703936 _____ () C:\Users\Bob\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2010-06-29 13:16 - 2009-02-06 20:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2010-06-29 13:16 - 2009-03-26 16:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-06-29 13:16 - 2009-03-17 06:39 - 00148992 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2012-02-05 16:10 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-06-29 03:29 - 2014-06-29 03:29 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2010-06-29 13:14 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-07-22 10:38 - 2014-07-22 10:38 - 03800688 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/23/2014 03:22:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot find a description of the content index in its database. Search will automatically attempt to recreate the content index description.  If this problem persists, stop and restart the search service and, if necessary, delete  and recreate the content index.  (HRESULT : 0x80041181) (0x80041181)

Error: (07/23/2014 11:11:53 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/23/2014 09:53:37 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/23/2014 03:22:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/23/2014 03:22:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (07/23/2014 03:22:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/23/2014 03:22:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (07/23/2014 03:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/23/2014 03:22:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (07/23/2014 03:22:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/23/2014 03:22:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (07/23/2014 03:22:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (07/23/2014 03:22:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


Microsoft Office Sessions:
=========================
Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4400

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2014 03:22:15 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/23/2014 03:22:10 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/23/2014 03:22:09 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index server cannot find a description of the content index in its database. Search will automatically attempt to recreate the content index description.  If this problem persists, stop and restart the search service and, if necessary, delete  and recreate the content index.  (HRESULT : 0x80041181) (0x80041181)

Error: (07/23/2014 11:11:53 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/23/2014 09:53:37 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


CodeIntegrity Errors:
===================================
  Date: 2011-06-20 14:23:21.607
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-20 14:23:21.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 6071.08 MB
Available physical RAM: 3650.35 MB
Total Pagefile: 12140.34 MB
Available Pagefile: 9672.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:584.56 GB) (Free:36.33 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.51 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 7BF07001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=585 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#6
Junius

    Member

  • Topic Starter
  • 34 posts

dbreeze,

Update

7/24 6:00 am - Available free space on c:\ drive = 35.1 GB

7/24 1:00 pm - Completed Backup update to Amazon S3 via Cloudberry Backup program.

After Backup completed available free space on C:\ drive = 28.8 GB

Note: A total of 56 MB of files/data was backed up to S3. (Cloudberry only backs up files that were modified since last backup). Yet, C:\ drive free space was reduced by 6.3 GB after backup completed.

I still have my External Hard Drive (back up drive) disconnected from computer. Will keep it disconnected until malware problem is resolved.

Hope to hear from you soon.
 


#7
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

I am still going over the logs and should have some of the fix to you in about 5~6 hours from now.  I know that is frustrating to see the drive space slowly close into zero; just wanted to update you on what is happening and that you are not forgotten.  If you wanted, you could close the system down for some time and check back later; at least that should slow down the "decay" of free space.


#8
Junius

    Member

  • Topic Starter
  • 34 posts

Hi dbreeze,

 

Thank you for the update. Will look for your next posting.

 

RE: Shutting system down. I've already been down that road. Didn't help. While the system is shut down no *decay* occurs. BUT, when I boot up again, most times LARGE amounts of GB disappear from C:\ drive. I guess the *monster* dwelling in my CPU doesn't like to be starved for long periods of time :laughing: . There is no loss of GB on a *restart*, but on a *full shut down* and reboot there is - strange!

 

C:\ drive is holding at 28.5 GB so far. If it gets down near 10 GB before we complete a full or partial fix that restores some GB's, I'll delete my entire *Documents* folder of 91 GB. Then pray one of my back ups (on S3 or External Hard Drive) *Documents* folder are not infected. If they are then I'll -  :smashcomp:  - LOL.

I suppose a new game could be developed out of this ... Malware Monsters vs Geeks To Go ... the alternative to W.O.W. -- LOL


Edited by Junius, 24 July 2014 - 05:47 PM.

#9
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Sorry for the delay, Junius. I have to have my work checked right now before I can present it to you.

We now have some steps to move in the right direction. Again, if you have any questions about any steps or one of the steps / items does not happen as outlined, please stop and ask / inform us of these events. Thank you for your patience and understanding.

Step1 - Disable TeaTimer

Please go into the settings of Spybot Search & Destroy and disable the TeaTimer protection component. This is needed to allow our cleaning tool to work properly. To do this, please follow these steps:
Go into Spybot > Mode > Advanced Mode > Tools > Resident
Uncheck (if checked) the following:
Resident "TeaTimer" (Protection of over-all system settings) Active.

Close the Spybot dialog window(s).


Step2 - Disable Virtual Drives

Virtual Drives can 'distort' the picture of your system to our malware tools. Rather than uninstall all these programs, please run this program which will stop the drivers for the Virtual Drives until our clean up process is done.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step3 - Manual Uninstall

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

MyTurboPC

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Step4 - Run a FRST64 script

Download the attached fixlist.txt file and save it to the Desktop. Double click on the saved file and it should open in Notepad. Check that it looks the same as the text in the quote box below. If it does, close Notepad and continue running the Fix script. If it does not look the same, follow the notation below to manually make a copy of the Fixlist.txt file.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64.exe by right clicking on it and selecting "Run as Administrator..". (If a new version of FRST64 is available, the program will notify you of that and download the updated version. Allow this to finish and FRST64 will inform you when it is safe to continue.)

Press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: Should you have problems with downloading the attached file, the text of the Fixlist.txt file is contained in the quote box below. You can open Notepad, copy the text in the quote box (highlight the text, right click and select copy), paste the copied text into Notepad and then save the file as Fixlist.txt. Close Notepad.exe when you are finished.

Fixlist.txt =>>


HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
C:\Windows\CTRegRun.EXE
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {AC6C70BA-D774-4C32-A269-7BFEA5CA2226} URL =
SearchScopes: HKCU - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 altfp3xo; C:\Windows\System32\Drivers\altfp3xo.sys [0 ] (Advanced Micro Devices)
C:\Windows\System32\Drivers\altfp3xo.sys
2014-07-23 09:04 - 2014-07-23 18:00 - 00000472 _____ () C:\Windows\Tasks\MyTurboPC.com Registration3.job
2014-07-23 09:04 - 2014-07-23 11:13 - 00000547 _____ () C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
2014-07-23 09:04 - 2014-07-23 09:33 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job
2014-07-23 09:04 - 2014-07-23 09:33 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3.job
2014-07-23 09:04 - 2014-07-23 09:04 - 00003972 _____ () C:\Windows\System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC
2014-07-23 09:04 - 2014-07-23 09:04 - 00003248 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3
2014-07-23 09:04 - 2014-07-23 09:04 - 00003132 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Registration3
2014-07-23 09:04 - 2014-07-23 09:04 - 00002910 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce
2014-07-23 09:04 - 2014-07-23 09:04 - 00001122 ____C () C:\Users\Bob\Desktop\MyTurboPC.lnk
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\DriverCure
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\ProgramData\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Program Files (x86)\MyTurboPC.com
C:\ProgramData\hash.dat
C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.exe
C:\Users\Bob\setup.exe
Task: {128B2DEF-F16C-4039-870C-9820260410FB} - System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-09] (MyTurboPC.com)
Task: {86D84C27-1961-4555-9837-F16B59C0BCB6} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns
Task: {963A97A9-E537-40FA-8CF3-41D2BD83989C} - System32\Tasks\MyTurboPC.com Update3 => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe [2014-05-09] (MyTurboPC.com)
Task: {A33CBE55-289A-4D66-A4FD-5870E5434CB5} - System32\Tasks\MyTurboPC.com Update3_triggeronce => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe [2014-05-09] (MyTurboPC.com)
C:\Program Files (x86)\Common Files\MyTurboPC.com
c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll
Task: C:\Windows\Tasks\MyTurboPC.com Update3.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
CMD: bitsadmin /list /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:


Attached File  Fixlist.txt   4.93KB   164 downloads


Step4 - Fresh FRST64 Scan

Right click on FRST64.exe on your desktop and let it load.
Click the SCAN button once and let the program finish.
It will open Notepad with the log file when the scan is finished; please copy and paste the text from that log in a reply here.


Things to Include in your Replies
  • Teatimer disabled ok?
  • Defogger ran without problems?
  • Uninstall of MyTurboPC?
  • FRST64 Fixlog.txt text.
  • New FRST64 scan FRST.txt text.
  • Any questions or concerns you have now?
  • How is the system running now?
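
The check asked for in the FRST64 script step above (confirm the downloaded fixlist.txt matches the quoted text before pressing Fix), written out as an added example that is not part of dbreeze's post and not part of FRST. The function names and the category labels are this example's own, inferred from the line prefixes visible in the quoted fixlist rather than from FRST's documented grammar, and the sample text is a constructed excerpt of eight lines copied from that fixlist.

```python
"""Compare a downloaded fixlist.txt with the text quoted in the post (added example)."""
import difflib
import re
from collections import Counter

# Constructed sample: eight lines copied from the fixlist quoted in the post.
POSTED = r"""HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
C:\Windows\CTRegRun.EXE
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\DriverCure
Task: C:\Windows\Tasks\MyTurboPC.com Update3.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
CMD: bitsadmin /list /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
REBOOT:
"""

# Constructed: the same content as an editor might save it (BOM, CRLF, trailing blanks).
DOWNLOADED_OK = "\ufeff" + POSTED.replace("\n", "  \r\n")
# Constructed: one folder path cut short, so it points at the whole Roaming folder.
DOWNLOADED_BAD = POSTED.replace(r"\Roaming\DriverCure", r"\Roaming")

SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\s]+)")


def normalize(text):
    """Drop the BOM, unify line endings, strip trailing blanks and empty lines."""
    text = text.lstrip("\ufeff").replace("\r\n", "\n").replace("\r", "\n")
    return [line.rstrip() for line in text.split("\n") if line.strip()]


def differences(downloaded, posted):
    """Return (side, line) pairs for every line present on one side only."""
    a, b = normalize(posted), normalize(downloaded)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    out = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            out += [("posted only", line) for line in a[i1:i2]]
            out += [("downloaded only", line) for line in b[j1:j2]]
    return out


def classify(line):
    """Label a fixlist line by its visible prefix (labels are this example's own)."""
    if line.startswith("CMD:"):
        return "command"
    if line.startswith("REBOOT:"):
        return "reboot"
    if line.startswith("Task:"):
        return "scheduled task"
    if line.startswith("AlternateDataStreams:"):
        return "alternate data stream"
    if re.match(r"(HKLM|HKCU|HKU)\\", line):
        return "registry"
    if re.match(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", line):
        return "file listing entry"
    if re.match(r"[A-Za-z]:\\", line):
        return "file or folder path"
    return "other"


def summarize(text):
    """Count the lines of each kind so commands and deletions stand out."""
    return Counter(classify(line) for line in normalize(text))


def machine_specific(text):
    """Collect the user SIDs and profile names the script is tied to."""
    return {
        "sids": sorted(set(SID_RE.findall(text))),
        "profiles": sorted(set(PROFILE_RE.findall(text))),
    }


if __name__ == "__main__":
    for name, candidate in (("ok", DOWNLOADED_OK), ("bad", DOWNLOADED_BAD)):
        diffs = differences(candidate, POSTED)
        print(name, "matches" if not diffs else "DIFFERS")
        for side, line in diffs:
            print("   ", side + ":", line)
    print(dict(summarize(POSTED)))
    print(machine_specific(POSTED))
```

The SID and profile names returned by `machine_specific` are what tie a fixlist to one machine, which is the point of the NOTICE in the post; profile names containing spaces are cut at the first space by this pattern.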

#10
Junius

    Member

  • Topic Starter
  • 34 posts

Hi dbreeze,

 

Thank you for the list of things to do. Much appreciated!

 

I'm on the way out the door right now. I'll do all the procedures this evening and report back to you tonight.

 

C:\ drive was at 22.8 GB this morning (down about 6 GB from last night). So far today it is holding at 22.8 GB. Keeping my fingers crossed - LOL

 

Have a great day.

 

PS: Question: Would it be safe to *uninstall* Spybot Search and Destroy before completing the procedures you requested? Or, would it be better to just disable Teatimer now and uninstall Spybot after we get my computer fixed? Reason I'm asking is that I've been meaning to uninstall Spybot for some time now, but just haven't gotten around to it. Please let me know.


Edited by Junius, 25 July 2014 - 11:40 AM.

#11
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Junius,

Since we are uninstalling a program anyway, I would think that uninstalling Spybot Search & Destroy would also be fine. Either way is fine (disabled or uninstalled); it is just that Teatimer can interfere with changes to the system.

#12
Junius

    Member

  • Topic Starter
  • 34 posts

dbreeze,

 

I'm in the process of completing the procedures you requested. I'll post the results here for your reference as I complete each step.

 

Step 1. Spybot S & D: Uninstalled.

 

(Note: received message after uninstall - "Install completed. Some elements could not be uninstalled. You can uninstall them manually.")

 

I don't know what elements they are referring to, or how to uninstall them.

 

Step 2. DeFogger: Completed.

 

Did not receive an Error Message but here is the log on my desktop anyway.

 

defogger_disable log:

 

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:01 on 26/07/2014 (Bob)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

 

Step 3. Manual Uninstall -MyTurboPC

 

Uninstall completed successfully.

 

Step 4. Run a FRST64 script

 

Completed. Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Bob at 2014-07-26 00:41:21 Run:1
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [CTRegRun] => C:\Windows\CTRegRun.EXE [53248 2006-10-06] (Creative Technology Ltd )
C:\Windows\CTRegRun.EXE
AppInit_DLLs: {DLL_Str} => {DLL_Str} File Not Found
AppInit_DLLs-x32: {DLL_Str} => "{DLL_Str}" File Not Found
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {AC6C70BA-D774-4C32-A269-7BFEA5CA2226} URL =
SearchScopes: HKCU - {54CCE146-0603-4190-898D-B43BD86BBA9C} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 altfp3xo; C:\Windows\System32\Drivers\altfp3xo.sys [0 ] (Advanced Micro Devices)
C:\Windows\System32\Drivers\altfp3xo.sys
2014-07-23 09:04 - 2014-07-23 18:00 - 00000472 _____ () C:\Windows\Tasks\MyTurboPC.com Registration3.job
2014-07-23 09:04 - 2014-07-23 11:13 - 00000547 _____ () C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
2014-07-23 09:04 - 2014-07-23 09:33 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job
2014-07-23 09:04 - 2014-07-23 09:33 - 00000436 _____ () C:\Windows\Tasks\MyTurboPC.com Update3.job
2014-07-23 09:04 - 2014-07-23 09:04 - 00003972 _____ () C:\Windows\System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC
2014-07-23 09:04 - 2014-07-23 09:04 - 00003248 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3
2014-07-23 09:04 - 2014-07-23 09:04 - 00003132 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Registration3
2014-07-23 09:04 - 2014-07-23 09:04 - 00002910 _____ () C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce
2014-07-23 09:04 - 2014-07-23 09:04 - 00001122 ____C () C:\Users\Bob\Desktop\MyTurboPC.lnk
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\DriverCure
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\ProgramData\MyTurboPC.com
2014-07-23 09:04 - 2014-07-23 09:04 - 00000000 ___DC () C:\Program Files (x86)\MyTurboPC.com
C:\ProgramData\hash.dat
C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.exe
C:\Users\Bob\setup.exe
Task: {128B2DEF-F16C-4039-870C-9820260410FB} - System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-09] (MyTurboPC.com)
Task: {86D84C27-1961-4555-9837-F16B59C0BCB6} - System32\Tasks\MyTurboPC.com Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll" RunUns
Task: {963A97A9-E537-40FA-8CF3-41D2BD83989C} - System32\Tasks\MyTurboPC.com Update3 => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe [2014-05-09] (MyTurboPC.com)
Task: {A33CBE55-289A-4D66-A4FD-5870E5434CB5} - System32\Tasks\MyTurboPC.com Update3_triggeronce => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe [2014-05-09] (MyTurboPC.com)
C:\Program Files (x86)\Common Files\MyTurboPC.com
c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC.com Registration3.job => C:\Program Files (x86)\Common Files\MyTurboPC.com\UUS3\UUS3.dll
Task: C:\Windows\Tasks\MyTurboPC.com Update3.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job => c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe
Task: C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job => C:\Program Files (x86)\MyTurboPC.com\MyTurboPC\mtpc.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
CMD: bitsadmin /list /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:
*****************

HKU\S-1-5-21-2443366756-1468529419-453783211-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CTRegRun => value deleted successfully.
C:\Windows\CTRegRun.EXE => Moved successfully.
"{DLL_Str}" => Value Data removed successfully.
"{DLL_Str}" => Value Data removed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}" => Key deleted successfully.
"HKCR\CLSID\{54CCE146-0603-4190-898D-B43BD86BBA9C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Error deleting key. The key could be protected.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{54CCE146-0603-4190-898D-B43BD86BBA9C}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}" => Key deleted successfully.
"HKCR\CLSID\{54CCE146-0603-4190-898D-B43BD86BBA9C}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn => Moved successfully.
"C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
altfp3xo => Service not found.
"C:\Windows\System32\Drivers\altfp3xo.sys" => File/Directory not found.
"C:\Windows\Tasks\MyTurboPC.com Registration3.job" => File/Directory not found.
"C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job" => File/Directory not found.
C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job => Moved successfully.
"C:\Windows\Tasks\MyTurboPC.com Update3.job" => File/Directory not found.
"C:\Windows\System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC" => File/Directory not found.
"C:\Windows\System32\Tasks\MyTurboPC.com Update3" => File/Directory not found.
"C:\Windows\System32\Tasks\MyTurboPC.com Registration3" => File/Directory not found.
C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce => Moved successfully.
"C:\Users\Bob\Desktop\MyTurboPC.lnk" => File/Directory not found.
C:\Users\Bob\AppData\Roaming\MyTurboPC.com => Moved successfully.
"C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com" => File/Directory not found.
C:\Users\Bob\AppData\Roaming\DriverCure => Moved successfully.
C:\ProgramData\MyTurboPC.com => Moved successfully.
"C:\Program Files (x86)\MyTurboPC.com" => File/Directory not found.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.exe => Moved successfully.
C:\Users\Bob\setup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{128B2DEF-F16C-4039-870C-9820260410FB}" => Key not found.
C:\Windows\System32\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86D84C27-1961-4555-9837-F16B59C0BCB6}" => Key not found.
C:\Windows\System32\Tasks\MyTurboPC.com Registration3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Registration3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{963A97A9-E537-40FA-8CF3-41D2BD83989C}" => Key not found.
C:\Windows\System32\Tasks\MyTurboPC.com Update3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Update3" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A33CBE55-289A-4D66-A4FD-5870E5434CB5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A33CBE55-289A-4D66-A4FD-5870E5434CB5}" => Key deleted successfully.
C:\Windows\System32\Tasks\MyTurboPC.com Update3_triggeronce not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyTurboPC.com Update3_triggeronce" => Key deleted successfully.
"C:\Program Files (x86)\Common Files\MyTurboPC.com" => File/Directory not found.
"c:\program files (x86)\common files\myturbopc.com\uus3\Update3.exe" => File/Directory not found.
C:\Windows\Tasks\MyTurboPC.com Registration3.job not found.
C:\Windows\Tasks\MyTurboPC.com Update3.job not found.
C:\Windows\Tasks\MyTurboPC.com Update3_triggeronce.job not found.
C:\Windows\Tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

=========  bitsadmin /list /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Listed 0 job(s).

========= End of CMD: =========


=========  DEL %TEMP%\*.* /F /S /Q =========

Deleted file - C:\Users\Bob\AppData\Local\Temp\AdobeARM.log
Deleted file - C:\Users\Bob\AppData\Local\Temp\Fixlist.txt
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Bob\AppData\Local\Temp\JavaDeployReg.log
C:\Users\Bob\AppData\Local\Temp\JET34F4.tmp
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Bob\AppData\Local\Temp\jusched.log
C:\Users\Bob\AppData\Local\Temp\logger.log
The process cannot access the file because it is being used by another process.
Deleted file - C:\Users\Bob\AppData\Local\Temp\PDApp.log
Deleted file - C:\Users\Bob\AppData\Local\Temp\TWAIN.LOG
Deleted file - C:\Users\Bob\AppData\Local\Temp\Twain001.Mtx
Deleted file - C:\Users\Bob\AppData\Local\Temp\Twunk001.MTX
Deleted file - C:\Users\Bob\AppData\Local\Temp\Twunk002.MTX
Deleted file - C:\Users\Bob\AppData\Local\Temp\AdobeDownload\DLM.log
Deleted file - C:\Users\Bob\AppData\Local\Temp\avastBCLTMP\chrome\Default\Web Data
Deleted file - C:\Users\Bob\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
Deleted file - C:\Users\Bob\AppData\Local\Temp\~nsu.tmp\Au_.exe

========= End of CMD: =========


=========  RD /S /Q %TEMP% =========

C:\Users\Bob\AppData\Local\Temp\etilqs_6j0JJtXvrq02EK2 - The process cannot access the file because it is being used by another process.
C:\Users\Bob\AppData\Local\Temp\etilqs_T0DxOt1ZCxXI0bg - The process cannot access the file because it is being used by another process.
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt - The process cannot access the file because it is being used by another process.
C:\Users\Bob\AppData\Local\Temp\JET34F4.tmp - The process cannot access the file because it is being used by another process.
C:\Users\Bob\AppData\Local\Temp\logger.log - The process cannot access the file because it is being used by another process.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

Step 4 - Fresh FRST64 Scan

Completed. Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Bob (administrator) on BOB-PC on 26-07-2014 01:03:49
Running from C:\Users\Bob\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Akamai Technologies, Inc.) C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(ArcSoft, Inc.) C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Akamai Technologies, Inc.) C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Cincopa\cincopaAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(CloudBerry Lab Inc.) C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057408 2012-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4086432 2014-06-29] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [615808 2009-09-06] (Adobe Systems Incorporated)
HKU\S-1-5-21-2443366756-1468529419-453783211-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
ShortcutTarget: Epson scanner Registration.lnk -> C:\Users\Bob\AppData\Roaming\Leadertech\PowerRegister\Epson scanner Registration.exe (Leader Technologies/Epson)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: NetVideoHunter - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\[email protected] [2013-12-01]
FF Extension: ViewTubeTrain Toolbar Beta - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\[email protected] [2012-05-14]
FF Extension: S3 Firefox Organizer(S3Fox) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi [2014-06-24]
FF Extension: Password Exporter - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-07-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-11]

Chrome:
=======
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-26]
CHR Extension: (Google Search) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-26]
CHR Extension: (avast! Online Security) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-13]
CHR Extension: (Google Wallet) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-06-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-06-29] (AVAST Software)
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 BackupService; C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cincopaAgent; C:\Program Files (x86)\Cincopa\cincopaAgent.exe [20480 2011-01-03] () [File not signed]
R2 CloudBerry Backup Service; C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe [61440 2014-06-05] (CloudBerry Lab Inc.) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-07-04] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-06-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-28] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-29] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-25] (Duplex Secure Ltd.)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 01:03 - 2014-07-26 01:03 - 00021053 ____C () C:\Users\Bob\Desktop\FRST.txt
2014-07-26 00:01 - 2014-07-26 00:01 - 00000578 ____C () C:\Users\Bob\Desktop\defogger_disable.log
2014-07-26 00:01 - 2014-07-26 00:01 - 00000020 ____C () C:\Users\Bob\defogger_reenable
2014-07-25 23:59 - 2014-07-25 23:59 - 00050477 ____C () C:\Users\Bob\Desktop\Defogger.exe
2014-07-25 01:05 - 2014-07-25 14:58 - 06557696 ____C () C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-25.QDF-backup
2014-07-24 13:03 - 2014-07-24 13:03 - 00000000 ____C () C:\Users\Bob\Sti_Trace.log
2014-07-24 13:02 - 2014-07-26 00:44 - 00000504 _____ () C:\Windows\setupact.log
2014-07-24 13:02 - 2014-07-24 13:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-24 13:01 - 2014-07-26 00:42 - 00005574 _____ () C:\Windows\PFRO.log
2014-07-24 02:48 - 2014-07-26 00:28 - 00000000 ___DC () C:\Users\Bob\Desktop\Geek To Go Tools
2014-07-23 20:28 - 2014-07-26 01:03 - 00000000 ___DC () C:\FRST
2014-07-23 20:25 - 2014-07-23 20:25 - 02093568 ____C (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-23 15:04 - 2014-07-23 15:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 15:03 - 2014-07-23 15:03 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-07-23 11:39 - 2014-07-23 11:39 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\Program Files\CCleaner
2014-07-23 11:26 - 2014-07-23 11:26 - 00090832 _____ () C:\Users\Bob\Downloads\Extras.Txt
2014-07-23 11:25 - 2014-07-23 11:25 - 00112290 _____ () C:\Users\Bob\Downloads\OTL.Txt
2014-07-22 10:38 - 2014-07-23 09:31 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 18:03 - 2014-07-13 18:04 - 00000000 ___DC () C:\Users\Bob\Documents\CB Affiliate Ads
2014-07-09 00:34 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 00:34 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 00:34 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 00:34 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:34 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 00:34 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 00:34 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 00:34 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 00:34 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 00:34 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 00:34 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 00:34 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 00:34 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 00:34 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 00:34 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:34 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 00:34 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 00:34 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 00:34 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 00:34 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 00:34 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 00:34 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 00:34 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 00:34 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 00:34 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 00:34 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 00:34 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:34 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 00:34 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 00:34 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 00:34 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 00:34 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 00:34 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 00:34 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 00:34 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:34 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 00:34 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 00:34 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:34 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:34 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:34 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 00:34 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:34 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 00:34 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:34 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:34 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 00:34 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:34 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:34 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:34 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 00:34 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:34 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 00:34 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 00:34 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 00:34 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 00:34 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 00:34 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:33 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 00:33 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 00:33 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 00:33 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 00:33 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 00:33 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 00:33 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 00:33 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 00:33 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 00:32 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:32 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 00:32 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 00:47 - 2014-07-08 00:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 14:40 - 2014-07-04 14:41 - 00000000 ___DC () C:\Users\Bob\Documents\Cloudberry
2014-06-29 03:29 - 2014-06-29 03:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-28 22:23 - 2014-07-23 15:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 22:22 - 2014-07-08 00:50 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 22:22 - 2014-07-08 00:50 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 22:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 22:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 01:04 - 2014-07-26 01:03 - 00021053 ____C () C:\Users\Bob\Desktop\FRST.txt
2014-07-26 01:03 - 2014-07-23 20:28 - 00000000 ___DC () C:\FRST
2014-07-26 00:53 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 00:53 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 00:52 - 2012-03-29 09:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 00:49 - 2010-07-04 16:11 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBob
2014-07-26 00:49 - 2010-07-04 16:11 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForBob.job
2014-07-26 00:44 - 2014-07-24 13:02 - 00000504 _____ () C:\Windows\setupact.log
2014-07-26 00:44 - 2010-07-16 20:14 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 00:43 - 2010-06-29 13:15 - 00000000 ___DC () C:\ProgramData\NVIDIA
2014-07-26 00:43 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 00:42 - 2014-07-24 13:01 - 00005574 _____ () C:\Windows\PFRO.log
2014-07-26 00:42 - 2010-06-29 15:19 - 01937089 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 00:41 - 2010-07-03 18:51 - 00000000 ___DC () C:\Users\Bob
2014-07-26 00:28 - 2014-07-24 02:48 - 00000000 ___DC () C:\Users\Bob\Desktop\Geek To Go Tools
2014-07-26 00:23 - 2010-07-16 20:14 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 00:01 - 2014-07-26 00:01 - 00000578 ____C () C:\Users\Bob\Desktop\defogger_disable.log
2014-07-26 00:01 - 2014-07-26 00:01 - 00000020 ____C () C:\Users\Bob\defogger_reenable
2014-07-25 23:59 - 2014-07-25 23:59 - 00050477 ____C () C:\Users\Bob\Desktop\Defogger.exe
2014-07-25 23:51 - 2010-07-06 21:13 - 00000000 ___DC () C:\ProgramData\Spybot - Search & Destroy
2014-07-25 23:51 - 2010-07-06 21:13 - 00000000 ___DC () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-25 18:51 - 2011-01-30 12:04 - 00002386 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-07-25 18:51 - 2009-07-14 00:32 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-25 14:58 - 2014-07-25 01:05 - 06557696 ____C () C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-25.QDF-backup
2014-07-25 02:00 - 2010-07-04 16:39 - 00000000 ___DC () C:\Users\Bob\AppData\Local\Adobe
2014-07-24 13:03 - 2014-07-24 13:03 - 00000000 ____C () C:\Users\Bob\Sti_Trace.log
2014-07-24 13:02 - 2014-07-24 13:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-24 13:01 - 2012-05-02 13:06 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-24 13:00 - 2014-06-11 09:57 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-24 12:48 - 2014-06-21 12:43 - 00000000 ___DC () C:\ProgramData\CloudBerry Online Backup
2014-07-24 02:16 - 2011-08-04 13:37 - 00002060 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-07-24 02:16 - 2010-11-02 16:23 - 00000000 ___DC () C:\Users\Bob\AppData\Local\Thunderbird
2014-07-24 02:16 - 2010-11-02 16:22 - 00002048 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-07-24 01:51 - 2011-05-08 12:28 - 00000000 ___DC () C:\Users\Bob\Documents\Invoices
2014-07-24 01:16 - 2014-06-21 08:02 - 00124416 __SHC () C:\Users\Bob\Desktop\Thumbs.db
2014-07-23 20:25 - 2014-07-23 20:25 - 02093568 ____C (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2014-07-23 15:23 - 2014-06-28 22:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 15:04 - 2014-07-23 15:04 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-23 15:04 - 2014-07-23 15:04 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-23 15:04 - 2014-07-23 15:04 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-23 15:04 - 2013-09-22 03:18 - 00000000 ___DC () C:\ProgramData\Oracle
2014-07-23 15:03 - 2014-07-23 15:03 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-07-23 11:41 - 2012-11-26 16:01 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\FileZilla
2014-07-23 11:41 - 2010-07-09 17:27 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\CoreFTP
2014-07-23 11:40 - 2010-07-05 20:23 - 00000000 ___DC () C:\Users\Bob\AppData\Local\MigWiz
2014-07-23 11:39 - 2014-07-23 11:39 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-23 11:39 - 2014-07-23 11:39 - 00000000 ___DC () C:\Program Files\CCleaner
2014-07-23 11:26 - 2014-07-23 11:26 - 00090832 _____ () C:\Users\Bob\Downloads\Extras.Txt
2014-07-23 11:25 - 2014-07-23 11:25 - 00112290 _____ () C:\Users\Bob\Downloads\OTL.Txt
2014-07-23 09:35 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-23 09:31 - 2014-07-22 10:38 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 09:31 - 2013-08-26 19:33 - 00000000 ___DC () C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
2014-07-23 09:31 - 2011-03-30 07:28 - 00000000 ___DC () C:\ProgramData\NVIDIA Corporation
2014-07-23 09:31 - 2010-11-01 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 09:31 - 2010-09-06 21:14 - 00000000 ___DC () C:\Users\Bob\Desktop\KompoZer 0.7.10
2014-07-23 09:31 - 2010-07-08 09:15 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\hpqLog
2014-07-23 09:31 - 2010-07-04 00:48 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Adobe
2014-07-23 09:31 - 2010-07-03 18:57 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\HpUpdate
2014-07-23 09:31 - 2010-07-03 18:56 - 00000000 ___DC () C:\Users\Bob\AppData\Local\PowerCinema
2014-07-23 09:31 - 2010-06-29 14:04 - 00000000 ____D () C:\Windows\Panther
2014-07-23 09:31 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-07-23 09:30 - 2010-12-21 14:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstantArticleWizard
2014-07-23 09:30 - 2010-07-09 17:25 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core FTP
2014-07-23 09:04 - 2014-06-21 12:43 - 00002265 _____ () C:\Users\Public\Desktop\CloudBerry Online Backup.lnk
2014-07-23 09:04 - 2014-05-16 13:33 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-23 09:04 - 2014-02-25 18:14 - 00001142 _____ () C:\Users\Public\Desktop\Alcohol 120%.lnk
2014-07-23 09:04 - 2014-02-03 19:55 - 00002179 ____C () C:\Users\Bob\Desktop\HP Support Assistant.lnk
2014-07-23 09:04 - 2013-12-10 13:04 - 00002174 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2014-07-23 09:04 - 2013-08-26 19:32 - 00002114 _____ () C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
2014-07-23 09:04 - 2013-08-26 19:30 - 00002115 _____ () C:\Users\Public\Desktop\Media Impression 2.lnk
2014-07-23 09:04 - 2013-03-18 13:03 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-23 09:04 - 2013-03-03 10:15 - 00001041 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-07-23 09:04 - 2012-11-26 16:01 - 00001962 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-07-23 09:04 - 2012-07-16 23:44 - 00000959 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-07-23 09:04 - 2012-02-26 12:30 - 00002217 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-23 09:04 - 2012-02-05 16:25 - 00002102 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-07-23 09:04 - 2011-07-24 22:37 - 00001853 ____C () C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Cincopa.lnk
2014-07-23 09:04 - 2011-07-24 22:37 - 00001829 ____C () C:\Users\Bob\Desktop\Cincopa.lnk
2014-07-23 09:04 - 2011-05-16 21:39 - 00001764 ____C () C:\Users\Bob\Desktop\Quicken Home & Business 2010.lnk
2014-07-23 09:04 - 2011-05-16 21:05 - 00001187 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-16 21:05 - 00001175 _____ () C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-16 17:36 - 00002139 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-16 17:36 - 00002127 _____ () C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
2014-07-23 09:04 - 2011-05-08 11:18 - 00001112 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00002448 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00001420 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00001336 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-07-23 09:04 - 2011-03-30 06:53 - 00001267 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-07-23 09:04 - 2011-01-18 00:48 - 00000823 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAT.lnk
2014-07-23 09:04 - 2011-01-18 00:48 - 00000811 _____ () C:\Users\Public\Desktop\SAT.lnk
2014-07-23 09:04 - 2010-08-21 17:58 - 00001985 _____ () C:\Users\Public\Desktop\Traffic Hybrid Software.lnk
2014-07-23 09:04 - 2010-07-09 17:25 - 00000971 _____ () C:\Users\Public\Desktop\Core FTP Lite.lnk
2014-07-23 09:04 - 2010-07-07 14:18 - 00001047 _____ () C:\Users\Public\Desktop\Notepad++.lnk
2014-07-23 09:04 - 2010-07-04 16:39 - 00001009 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
2014-07-23 09:04 - 2010-07-04 16:39 - 00000997 _____ () C:\Users\Public\Desktop\Acrobat_com.lnk
2014-07-23 09:04 - 2010-07-04 11:17 - 00002323 _____ () C:\Users\Public\Desktop\Creative Product Registration.lnk
2014-07-23 09:04 - 2010-07-04 00:56 - 00001941 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002308 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002282 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002276 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2014-07-23 09:04 - 2010-06-29 15:17 - 00002264 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-07-23 09:04 - 2010-06-29 13:30 - 00001109 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-07-23 09:04 - 2010-06-29 13:22 - 00002167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2014-07-23 02:42 - 2010-07-15 10:35 - 00000000 ____D () C:\Users\Bob\Documents\Silverfox trading post test drafts
2014-07-23 02:36 - 2010-07-13 16:42 - 00000000 ___DC () C:\Users\Bob\Documents\My Blog Sites
2014-07-22 21:58 - 2013-03-11 15:13 - 00007622 ____C () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2014-07-22 13:38 - 2010-07-14 03:28 - 00000000 ____D () C:\Users\Bob\Documents\My eBooks
2014-07-22 10:52 - 2010-08-05 14:10 - 00000000 ____D () C:\Users\Bob\Documents\UN PW SQ
2014-07-22 10:13 - 2011-06-30 14:03 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster
2014-07-22 10:13 - 2010-06-29 13:19 - 00000000 ___DC () C:\ProgramData\Temp
2014-07-20 00:55 - 2011-11-12 02:33 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-19 17:42 - 2012-07-01 14:04 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-16 02:05 - 2011-05-23 04:57 - 00000175 ____C () C:\ProgramData\LockFilePath.ini
2014-07-13 18:04 - 2014-07-13 18:03 - 00000000 ___DC () C:\Users\Bob\Documents\CB Affiliate Ads
2014-07-09 04:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 03:21 - 2009-07-13 23:45 - 00360272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:20 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:20 - 2009-07-14 02:47 - 00000000 ___DC () C:\Program Files\Windows Journal
2014-07-09 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:04 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2010-07-08 15:12 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:52 - 2012-03-29 09:30 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 16:52 - 2012-03-29 09:30 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 16:52 - 2011-05-18 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 00:50 - 2014-06-28 22:22 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 00:50 - 2014-06-28 22:22 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 00:50 - 2011-12-28 12:06 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 00:48 - 2014-07-08 00:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Bob\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 15:29 - 2010-07-04 01:09 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-04 14:41 - 2014-07-04 14:40 - 00000000 ___DC () C:\Users\Bob\Documents\Cloudberry
2014-06-30 10:00 - 2010-06-30 14:27 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-06-29 21:09 - 2014-07-09 00:34 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-09 00:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 19:51 - 2011-03-30 06:50 - 00000000 ___DC () C:\Users\Bob\AppData\Local\Windows Live
2014-06-29 03:30 - 2010-07-04 01:09 - 00001979 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-29 03:29 - 2014-06-29 03:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-29 03:29 - 2014-05-04 00:55 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-29 03:29 - 2014-01-10 23:30 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-29 03:29 - 2013-03-03 10:23 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-29 03:29 - 2013-03-03 10:23 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-29 03:29 - 2012-02-26 12:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-29 03:29 - 2011-06-11 09:46 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-29 03:29 - 2011-01-20 08:00 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-29 03:29 - 2010-07-04 01:09 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-28 23:05 - 2009-07-13 23:45 - 00000000 ____D () C:\Windows\Setup
2014-06-28 22:22 - 2011-06-14 13:53 - 00000000 ___DC () C:\Users\Bob\AppData\Roaming\Malwarebytes
2014-06-28 22:22 - 2011-06-14 13:53 - 00000000 ___DC () C:\ProgramData\Malwarebytes

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-18 07:35

==================== End Of Log ============================

 

5. All requested procedures completed.

 

System is running okay. But, problem of *decaying* C:\ drive free space not resolved. Before starting above procedures C:\ drive had 22.8 GB of free space. Now it has 23.3 GB of free space. A *0.5 GB* improvement. I'm assuming that is the result of uninstalling Spybot S & D and MyTurboPC programs.

 

I'll wait for additional instructions from you.

 

Have a great day.


Edited by Junius, 26 July 2014 - 12:30 AM.

  • 0

#13
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you for the logs and your replies to my requests for actions.

 

I think I know the answer to this question but I need to ask to verify my next actions: have you installed or added any new extensions to any of your browsers in the last three days?


  • 0

#14
Junius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Hi Dbreeze,

 

BIG SURPRISE just occurred.

 

But, first to answer your question. I primarily use the Firefox browser (95% of the time). The only thing I've added to FF during the last 3 days was a FF add-on that makes it so I can export *saved user names and passwords* from the Password Manager as csv or xml files and deposit them into an Excel or OpenOffice Calc spreadsheet to print out paper copies of them. I did this so I'd have a paper copy of my 247 User Names/Passwords in the event this computer crashed and burned before we could get the problem fixed, etc. If I recall correctly, I added it the night of July 24th.

 

The Add On is: Password Exporter 1.2.1 (https://github.com/f...d-exporter/wiki)

 

I've added no other add-ons, extensions or plug-ins to IE, Chrome or FF during the last 3 days (or for several months, in fact).

 

Here is a list of all the Firefox browser add-ons (extensions) I have:

1. NetVideoHunter 1.15 (status Enabled)
http://www.netvideohunter.com/

2. S3 Firefox Organizer (S3Fox) 0.6 (status Enabled)
http://www.s3fox.net/

3. avast! Online Security 9.0.2021.112 (status Disabled) (Note: I use the free version of Avast. Prior to the Avast 2014 upgrade Online Security was included in the free Avast version.)
http://www.avast.com/en-us/index

4. Password Exporter 1.2.1 (status Disabled). (Note: I only *enable* this when I need to print a paper list of UserNames/Passwords.)
https://github.com/f...d-exporter/wiki

5. ViewTubeTrain Toolbar Beta 0.03 (status Disabled) (Note: I enable this when doing video promotions on video sharing sites.)
http://www.viewtubetrain.com/
 

 

Now for the BIG SURPRISE:

 

At about 3:20 am while doing research on YouTube my computer suddenly *blue screened* then shut down and restarted in *normal mode*. Once Windows loaded and my Desktop came up a Windows dialogue box appeared *Unexpected Shut Down*. Details of the shut down are:

 

==================

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.256.48
  Locale ID:    1033

Additional information about the problem:
  BCCode:    1000007e
  BCP1:    FFFFFFFFC0000005
  BCP2:    FFFFF88001AABD6E
  BCP3:    FFFFF88007ED5908
  BCP4:    FFFFF88007ED5160
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    256_1

Files that help describe the problem:
  C:\Windows\Minidump\072614-319505-01.dmp
  C:\Users\Bob\AppData\Local\Temp\WER-489671-0.sysdata.xml

=================================

 

Before the Blue Screen event C:\ drive had 23.3 GB of free disk space.

 

After the computer restarted C:\ drive had 365 GB of free disk space.

 

I then ran *Disk Cleanup* after which C:\ drive now has 415 GB of free disk space. (And 169 GB of Used Space) This is back to the normal range of free space I usually have on C:\ drive (before this problem of *decaying* free space started).

 

I don't know how or why this occurred but it did - LOL.

 

Question: My Avast anti-virus is scheduled to do its weekly *full system scan* at midnight tonight (7/26 - Saturday). Should I let it go ahead and run? Or should I *not* let it run until we complete fixing my computer?

 

I'll await your additional instructions.

 

Have a great day.


Edited by Junius, 26 July 2014 - 09:39 AM.

  • 0

#15
Junius

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts

Update 7/26/2014 10:45 am (CT):

 

C:\ drive is currently at 412 GB of available free space.

 

Only a 3 GB change since 3:20 am (CT) this morning when it *blue screened*.

 

Update 7/27/2014 7:45 am (CT)

 

C:\ drive still maintaining 412 GB of available free space.

 

Didn't run the weekly scheduled Avast Full System Scan at midnight last night (7/26th, Saturday), as I was not sure if it was okay to do so, having not received a reply from you to my previous post above.


Edited by Junius, 27 July 2014 - 06:53 AM.

  • 0





