Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Very slow computer, aswMBR rootkit not working [Closed]

aswMBR Slow

  • This topic is locked This topic is locked

#1
Spencer4134

Spencer4134

    Member

  • Member
  • PipPip
  • 57 posts

My computer has become EXTREMELY SLOW. Takes a long time to open firefox, and sometimes lags during shutdown. Also get a black screen with a mouse for quite some time on bootup. There are some suspicious looking files like Yahoo! Browser Plus. Takes like 30-40 seconds to open Control Panel. This is a Toshiba Windows 7 Laptop. Desktop has a tendency to go unresponsive if I right click...

 

aswMBR just won't work. Something about rootkit analysis. It's a windows message that comes up telling me that it has stopped working. Won't even work in safe mode.

 

:alarm: UPDATE: Apparently, "Windows cannot find the disk or network location where your backups are being saved." :alarm:

...

What is going on?!?! :upset:

 

Here's the FRST logs:

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-08-2014
Ran by Conrad Bowen at 2014-08-13 11:04:29
Running from C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon iPF8000 Print Plug-In for Photoshop CS5 x64 (HKLM-x32\...\{C403A67A-2C78-478C-A88A-BB27FC90B13F}) (Version: 5.00 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Dynamic Auto-Painter x64 PRO version 3.0.2 (HKLM\...\{30994599-9734-455F-B51D-7E5E987AFA2A}_is1) (Version: 3.0.2 - Mediachance.com)
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Google Apps Migration For Microsoft Outlook® 2.3.14.36 (HKLM-x32\...\{C46F4ED2-0337-4267-97A1-89735C781E0D}) (Version: 2.3.14.36 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.5.370.990 (HKLM-x32\...\{2E92FFC5-4082-40BF-9CA7-0E5D16C811CE}) (Version: 3.5.370.990 - Google, Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 8.0.13192.945 - Hewlett-Packard)
HP LaserJet Pro MFP M127-M128 Fax (Version: 32.0.36.0 - Hewlett-Packard Co.) Hidden
HP LaserJet Pro MFP M127-M128 Fax (x32 Version: 32.0.36.0 - Hewlett-Packard Co.) Hidden
HP LaserJet Pro MFP M127-M128 Fax Driver (Version: 32.0.36.0 - Hewlett-Packard Co.) Hidden
HP LaserJet Pro MFP M127-M128 HP Device Toolbox (x32 Version: 32.0.28.0 - Hewlett-Packard Co.) Hidden
HP LJ M127128 Scan HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Product FWUpdater (x32 Version: 4.0.0.8582 - Hewlett-Packard Company) Hidden
HP Unified IO (Version: 2.0.0.477 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.477 - HP) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (x32 Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.40 - HP) Hidden
HPLJDXPHelper (x32 Version: 060.048.005 - HP) Hidden
HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (x32 Version: 008.000.0001 - HP) Hidden
HPLJUTM127_128 (x32 Version: 008.000.0001 - HP) Hidden
hppLaserJetService (x32 Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (x32 Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (x32 Version: 080.046.00111 - Hewlett-Packard) Hidden
imagePROGRAF Status Monitor (HKLM-x32\...\{66392B7C-C522-450D-97B7-B3E41E170C3B}) (Version: 25.10 - Canon)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LJDXPHelperUI (x32 Version: 060.048.005 - HP) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Pro 10 (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 10.4.0000 - PDF Pro Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.04 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Visual C++ 8.0 CRT (x86) WinSXS MSM (x32 Version: 8.0.50727.762 - Microsoft Corporation) Hidden
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM (x32 Version: 8.0.50727.762 - Microsoft Corporation) Hidden
Visual C++ 8.0 MFC (x86) WinSXS MSM (x32 Version: 8.0.50727.762 - Microsoft Corporation) Hidden
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM (x32 Version: 8.0.50727.762 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 12.1 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}) (Version: 12.1.8519 - WinZip Computing, S.L. )
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Local\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4154370108-1394326414-2424723564-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-07-2014 19:22:16 Windows Update
23-07-2014 20:35:26 Scheduled Checkpoint
25-07-2014 23:46:29 Windows Update
01-08-2014 20:20:03 Removed GO Contact Sync Mod
02-08-2014 13:19:24 Windows Update
03-08-2014 17:50:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2010-10-31 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0883E6EF-163E-42E5-8247-2F1C7192405C} - System32\Tasks\{57E5DE37-2FE6-4504-A21F-AEC32D06D1C0} => C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\HPScan.exe [2013-05-31] (Hewlett-Packard Co.)
Task: {13F6AA28-AE48-4601-8D68-66DEBC30ABDA} - System32\Tasks\{2445BE4C-1F50-410B-AF68-A057FC5EBB31} => C:\Users\Conrad Bowen\Desktop\winzip121.exe
Task: {1ACC2C94-A80C-49E7-BFDA-38C05FE6F7DB} - System32\Tasks\{E4611E08-D5B5-496C-9544-AD1B7C299FD0} => Firefox.exe
Task: {25C80F8C-D2ED-48E3-B4FA-03DFECE781C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21] (Google Inc.)
Task: {2CA33F08-846C-44AF-A112-82C25E1ABEED} - System32\Tasks\{75CF7C7B-9F3F-416E-B5B5-9FE1C4F05C4C} => Firefox.exe
Task: {32E94DAA-6847-4B67-BF85-360EE3E7325B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {69881864-55FD-4570-A77F-4D203B0EBA86} - System32\Tasks\{2B21AEF8-ED8D-4C64-81AA-89B9BE7569CE} => C:\Users\Conrad Bowen\Desktop\winzip121.exe
Task: {6CEEE651-460C-45FE-A373-5FE34F815266} - System32\Tasks\{240348F0-D786-4E27-A973-3E98D0FB417E} => Firefox.exe
Task: {8BDADA94-E612-4156-8C6A-C1CE6B2DB6AE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {94718C96-CBE4-440A-9357-F4810C4FA8F0} - System32\Tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000 => C:\Users\Conrad Bowen\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E0CFE8BB-DF90-47AB-803D-6949A1B506FD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {E0F931BA-49A8-49E6-B32F-D34F62A0AA21} - System32\Tasks\{7D51BA00-EF02-4CAE-B3B6-213E45E98A05} => Firefox.exe
Task: {E13897A7-C31D-4222-AAC0-FCA019F699CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-21] (Google Inc.)
Task: {FA8C5BE1-6DA0-4684-A1EB-681E0136DB4B} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-01-28] (Hewlett Packard)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000.job => C:\Users\Conrad Bowen\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-15 15:52 - 2014-06-06 15:11 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-15 15:52 - 2014-07-11 17:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-15 15:52 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2014-07-25 05:43 - 2014-07-25 05:44 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-25 05:43 - 2014-07-25 05:44 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-25 05:44 - 2014-07-25 05:44 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-25 05:44 - 2014-07-25 05:44 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2014-07-15 15:52 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2014-07-15 15:52 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-08-07 10:53 - 2014-08-07 10:53 - 00043008 _____ () c:\Users\Conrad Bowen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmelckt.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\libcef.dll
2012-04-18 20:37 - 2011-08-29 15:57 - 01135616 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\TMSlite140.bpl
2012-04-18 20:37 - 2011-08-29 15:57 - 02366464 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\BBlite140.bpl
2012-04-18 20:37 - 2010-11-23 09:46 - 02387456 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\PKIECtrl140.bpl
2012-04-18 20:37 - 2011-07-31 08:45 - 00684032 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\js32.dll
2012-04-18 20:37 - 2011-08-18 16:40 - 00336896 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\visage140.bpl
2012-04-18 20:37 - 2011-08-29 15:57 - 00088576 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\expertpdfcore140.bpl
2012-04-18 20:37 - 2011-08-18 16:40 - 00212992 _____ () C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vsmisc140.bpl

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D346F792
AlternateDataStreams: C:\Users\Conrad Bowen\Downloads\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^imagePROGRAF Status Monitor.lnk => C:\windows\pss\imagePROGRAF Status Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Conrad Bowen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CnwiDeviceAgent => C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe
MSCONFIG\startupreg: Heleni Uploader =>
MSCONFIG\startupreg: HotKeysCmds => "C:\windows\system32\hkcmd.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => "C:\windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: MSC =>
MSCONFIG\startupreg: Persistence => "C:\windows\system32\igfxpers.exe"
MSCONFIG\startupreg: PhotoJoy =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartAudio =>
MSCONFIG\startupreg: StartNowToolbarHelper =>
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
MSCONFIG\startupreg: TosVolRegulator => "C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
MSCONFIG\startupreg: TPwrMain => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Windows Mobile Device Center => "%windir%\WindowsMobile\wmdc.exe"

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2014 10:02:31 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (08/13/2014 10:02:31 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (08/04/2014 04:00:05 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/02/2014 02:22:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hpzjcd01.dll_unloaded, version: 0.0.0.0, time stamp: 0x515df290
Exception code: 0xc0000005
Fault offset: 0x0000000180019f9b
Faulting process id: 0x668
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (07/31/2014 07:14:15 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/31/2014 07:14:15 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/31/2014 07:14:15 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/29/2014 00:17:35 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/29/2014 00:17:35 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/29/2014 00:17:35 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (08/07/2014 00:09:41 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{42E3E135-8341-4569-B362-A380A0DF4BF5}.
The backup browser is stopping.

Error: (08/07/2014 08:53:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.

Error: (08/06/2014 06:28:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.

Error: (08/05/2014 04:43:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (08/04/2014 02:00:57 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (08/03/2014 11:45:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (08/02/2014 02:22:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/02/2014 08:04:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/02/2014 07:14:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (07/29/2014 07:07:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.


Microsoft Office Sessions:
=========================
Error: (12/12/2013 11:13:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/19/2013 03:31:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14797 seconds with 4320 seconds of active time.  This session ended with a crash.

Error: (09/20/2013 05:12:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14538 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (08/09/2013 11:13:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55787 seconds with 5940 seconds of active time.  This session ended with a crash.

Error: (05/09/2013 04:42:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/24/2013 05:04:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/14/2012 10:37:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1316 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (09/21/2012 08:20:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13794 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (07/09/2012 08:09:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/15/2012 05:17:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 59 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-27 14:06:51.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP25.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-27 14:06:51.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP25.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-27 14:06:49.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP25.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-27 14:06:48.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP25.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-27 14:06:42.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP25.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-27 14:06:41.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP25.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 58%
Total physical RAM: 1915.98 MB
Available physical RAM: 799.52 MB
Total Pagefile: 3831.95 MB
Available Pagefile: 1172.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (TI105847W0F) (Fixed) (Total:222.47 GB) (Free:141.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 249AAA6F)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Conrad Bowen (administrator) on CBSLAPTOP on 13-08-2014 10:58:20
Running from C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(CANON INC) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(CANON INC.) C:\Windows\System32\cnwiols6.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Dropbox, Inc.) C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Visagesoft) C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\odscanui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1569536 2014-07-29] (Bitdefender)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe [4566016 2011-08-29] (Visagesoft)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-03] (Google Inc.)
HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [814064 2014-07-29] (Bitdefender)
HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\...\MountPoints2: {0811df36-2892-11e0-8890-00266c5a3206} - E:\LaunchU3.exe -a
Startup: C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0E5BE163-B4B7-4606-86A4-9A275814FF82} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {8EACC4AA-8F68-495E-873C-25480C25810A} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {0E5BE163-B4B7-4606-86A4-9A275814FF82} URL =
SearchScopes: HKCU - {393FDADD-FD5E-4C78-B0EC-99AB99C5B656} URL = http://us.yhs4.searc...669,0,FF27,7635
SearchScopes: HKCU - {8B972E91-7C10-456B-9466-AB766B66DD94} URL = http://search.condui...6314519233&UM=2
SearchScopes: HKCU - {8EACC4AA-8F68-495E-873C-25480C25810A} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {E10195EF-867C-49D7-BCA5-77419340AE66} URL = http://www.google.co...1I7TSNA_enUS398
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Conrad Bowen\AppData\Roaming\Mozilla\Firefox\Profiles\nhg2jzjt.default-1400084744074
FF Homepage: https://www.memotoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Conrad Bowen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CONRAD~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]
CHR HKCU\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [fdjkhamgopgokjmllcmpkiijndjeidcl] - C:\Users\Conrad Bowen\AppData\Local\Temp\twsfiles\trustedshopper.crx [2013-08-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-06-23] () [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-06-06] (Bitdefender)
R2 Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [739672 2011-11-18] (CANON INC)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-25] (Freemake) [File not signed]
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 iPFDeviceAgentService; C:\windows\system32\cnwiols6.exe [210944 2008-12-08] (CANON INC.) [File not signed]
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-06-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-07-29] (Bitdefender)
S3 Adpst_im; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-26] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 10:57 - 2014-08-13 10:58 - 00000000 ____D () C:\FRST
2014-08-13 10:54 - 2014-08-13 10:54 - 02100224 _____ (Farbar) C:\Users\Conrad Bowen\Downloads\FRST64.exe
2014-08-13 10:45 - 2014-08-13 10:55 - 00000000 ___RD () C:\Users\Public\Desktop\PC Repair Tools
2014-08-07 09:28 - 2014-08-07 10:48 - 00000000 ____D () C:\AdwCleaner
2014-08-03 11:50 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-03 11:50 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-03 11:50 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-03 11:50 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 15:01 - 2014-08-02 15:03 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\FamHistPhotos
2014-08-02 12:44 - 2014-08-02 12:45 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\{1D023D19-8966-4978-9A51-68329401A473}
2014-08-02 07:20 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 07:20 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 07:20 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 07:20 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 07:20 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 07:20 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 07:20 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 07:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 07:20 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 07:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-31 11:51 - 2014-07-31 11:57 - 00000000 _____ () C:\Users\Conrad Bowen\Documents\HPLJM127_128_Fax_Port
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 07:58 - 2014-07-23 07:59 - 15344640 _____ () C:\Users\Conrad Bowen\Desktop\B+2013-12 (Portable).QBM
2014-07-22 16:18 - 2014-07-22 16:18 - 00000000 ____H () C:\Users\Conrad Bowen\Documents\Default.rdp
2014-07-18 14:16 - 2014-07-18 14:16 - 00021348 _____ () C:\Users\Conrad Bowen\Downloads\Magna-3243ThomasBrookWy.htm
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\Conrad Bowen\Downloads\Magna-3243ThomasBrookWy_files
2014-07-17 22:02 - 2014-07-17 22:02 - 00021963 _____ () C:\Users\Conrad Bowen\Downloads\Utah Legal Notices _.htm
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Conrad Bowen\Downloads\Utah Legal Notices __files
2014-07-16 06:34 - 2014-07-16 06:34 - 00000439 _____ () C:\Users\Conrad Bowen\AppData\Roaminguser_gensett.xml
2014-07-16 06:32 - 2014-07-16 06:32 - 00000385 _____ () C:\windows\system32\user_gensett.xml
2014-07-15 16:23 - 2014-07-15 16:23 - 00074512 _____ (BitDefender SRL) C:\windows\system32\bdsandboxuiskin32.dll
2014-07-15 15:57 - 2014-07-15 15:57 - 00642321 _____ () C:\ProgramData\1405460457.bdinstall.bin
2014-07-15 15:54 - 2014-07-15 15:54 - 00000684 ____H () C:\bdr-cf01
2014-07-15 15:53 - 2014-07-15 16:10 - 00000000 ____D () C:\ProgramData\BDLogging
2014-07-15 15:53 - 2014-07-15 15:53 - 00002137 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2014-07-15 15:53 - 2014-07-15 15:53 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-07-15 15:53 - 2014-07-15 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-07-15 15:52 - 2013-12-02 12:58 - 00635392 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2014-07-15 15:52 - 2013-12-02 12:56 - 00893440 _____ (BitDefender) C:\windows\system32\Drivers\avc3.sys
2014-07-15 15:52 - 2013-11-13 16:41 - 00093600 _____ (BitDefender LLC) C:\windows\system32\Drivers\BdfNdisf6.sys
2014-07-15 15:52 - 2013-11-04 16:47 - 00082824 _____ (BitDefender SRL) C:\windows\system32\Drivers\bdsandbox.sys
2014-07-15 15:52 - 2013-11-04 16:47 - 00074512 _____ (BitDefender SRL) C:\windows\SysWOW64\bdsandboxuiskin32.dll
2014-07-15 15:52 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\windows\system32\Drivers\avchv.sys
2014-07-15 15:52 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\windows\system32\Drivers\bdvedisk.sys
2014-07-15 15:52 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\windows\capicom.dll
2014-07-15 15:50 - 2014-07-15 16:12 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\Bitdefender
2014-07-15 15:50 - 2014-07-15 15:54 - 00253404 ____H () C:\bdr-ld01
2014-07-15 15:50 - 2014-07-15 15:54 - 00009216 ____H () C:\bdr-ld01.mbr
2014-07-15 15:50 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz
2014-07-15 15:50 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01
2014-07-15 15:41 - 2014-07-15 15:55 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-07-15 15:41 - 2014-07-15 15:50 - 00000000 ____D () C:\Program Files\Bitdefender
2014-07-15 15:41 - 2013-11-04 16:47 - 00084848 _____ (BitDefender SRL) C:\windows\system32\BDSandBoxUISkin.dll
2014-07-15 15:41 - 2013-11-04 16:46 - 00034384 _____ (BitDefender SRL) C:\windows\system32\BDSandBoxUH.dll
2014-07-15 15:41 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\windows\system32\Drivers\gzflt.sys
2014-07-15 15:41 - 2013-08-07 13:46 - 00389240 _____ (BitDefender S.R.L.) C:\windows\system32\Drivers\trufos.sys
2014-07-15 15:40 - 2014-07-15 15:40 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\QuickScan
2014-07-15 15:26 - 2014-08-07 10:50 - 00053510 _____ () C:\windows\PFRO.log
2014-07-15 15:23 - 2014-07-15 15:41 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-15 15:22 - 2014-07-15 15:23 - 06770080 _____ () C:\Users\Conrad Bowen\Downloads\bitdefender_tsecurity.exe
2014-07-15 14:47 - 2014-08-05 16:52 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 14:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-15 14:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-15 14:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-15 14:45 - 2014-07-15 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad Bowen\Downloads\mbam-setup-2.0.2.1012.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 11:02 - 2013-10-10 19:57 - 01216892 _____ () C:\windows\WindowsUpdate.log
2014-08-13 10:58 - 2014-08-13 10:57 - 00000000 ____D () C:\FRST
2014-08-13 10:55 - 2014-08-13 10:45 - 00000000 ___RD () C:\Users\Public\Desktop\PC Repair Tools
2014-08-13 10:54 - 2014-08-13 10:54 - 02100224 _____ (Farbar) C:\Users\Conrad Bowen\Downloads\FRST64.exe
2014-08-13 10:49 - 2012-04-13 19:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 10:42 - 2014-02-27 15:05 - 00000604 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000.job
2014-08-13 10:40 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-13 10:29 - 2010-09-21 16:29 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 09:37 - 2010-09-21 16:29 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 09:22 - 2009-07-13 23:13 - 00926884 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-07 11:02 - 2009-07-13 22:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-07 11:02 - 2009-07-13 22:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-07 10:53 - 2014-06-05 20:21 - 00000000 ___RD () C:\Users\Conrad Bowen\Dropbox
2014-08-07 10:53 - 2014-06-05 20:17 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\Dropbox
2014-08-07 10:51 - 2014-05-30 09:21 - 00005701 _____ () C:\windows\setupact.log
2014-08-07 10:51 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-07 10:50 - 2014-07-15 15:26 - 00053510 _____ () C:\windows\PFRO.log
2014-08-07 10:48 - 2014-08-07 09:28 - 00000000 ____D () C:\AdwCleaner
2014-08-05 19:17 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-08-05 16:52 - 2014-07-15 14:47 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 12:34 - 2014-01-26 10:40 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\Primary
2014-08-02 15:03 - 2014-08-02 15:01 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\FamHistPhotos
2014-08-02 12:45 - 2014-08-02 12:44 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\{1D023D19-8966-4978-9A51-68329401A473}
2014-08-02 12:44 - 2010-10-27 08:17 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\Windows Live
2014-08-01 20:01 - 2011-05-27 09:20 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-08-01 14:02 - 2014-03-27 19:33 - 00271360 _____ () C:\Users\Conrad Bowen\Documents\Outlook backup.pst
2014-08-01 13:07 - 2010-10-12 21:15 - 00000000 ____D () C:\windows\Minidump
2014-07-31 14:38 - 2010-09-22 06:52 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\USR
2014-07-31 11:57 - 2014-07-31 11:51 - 00000000 _____ () C:\Users\Conrad Bowen\Documents\HPLJM127_128_Fax_Port
2014-07-31 11:51 - 2014-05-19 16:35 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\HP
2014-07-30 20:56 - 2012-04-24 14:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 09:48 - 2012-05-11 17:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 09:48 - 2012-05-11 17:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 17:49 - 2012-05-11 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 16:58 - 2014-06-05 20:19 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 07:59 - 2014-07-23 07:58 - 15344640 _____ () C:\Users\Conrad Bowen\Desktop\B+2013-12 (Portable).QBM
2014-07-22 16:18 - 2014-07-22 16:18 - 00000000 ____H () C:\Users\Conrad Bowen\Documents\Default.rdp
2014-07-22 12:10 - 2011-10-07 14:32 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\Bergenthal
2014-07-18 14:16 - 2014-07-18 14:16 - 00021348 _____ () C:\Users\Conrad Bowen\Downloads\Magna-3243ThomasBrookWy.htm
2014-07-18 14:16 - 2014-07-18 14:16 - 00000000 ____D () C:\Users\Conrad Bowen\Downloads\Magna-3243ThomasBrookWy_files
2014-07-17 22:02 - 2014-07-17 22:02 - 00021963 _____ () C:\Users\Conrad Bowen\Downloads\Utah Legal Notices _.htm
2014-07-17 22:02 - 2014-07-17 22:02 - 00000000 ____D () C:\Users\Conrad Bowen\Downloads\Utah Legal Notices __files
2014-07-16 14:49 - 2009-07-13 23:32 - 00000000 ____D () C:\windows\Offline Web Pages
2014-07-16 06:34 - 2014-07-16 06:34 - 00000439 _____ () C:\Users\Conrad Bowen\AppData\Roaminguser_gensett.xml
2014-07-16 06:32 - 2014-07-16 06:32 - 00000385 _____ () C:\windows\system32\user_gensett.xml
2014-07-15 16:23 - 2014-07-15 16:23 - 00074512 _____ (BitDefender SRL) C:\windows\system32\bdsandboxuiskin32.dll
2014-07-15 16:12 - 2014-07-15 15:50 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\Bitdefender
2014-07-15 16:10 - 2014-07-15 15:53 - 00000000 ____D () C:\ProgramData\BDLogging
2014-07-15 15:57 - 2014-07-15 15:57 - 00642321 _____ () C:\ProgramData\1405460457.bdinstall.bin
2014-07-15 15:55 - 2014-07-15 15:41 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-07-15 15:54 - 2014-07-15 15:54 - 00000684 ____H () C:\bdr-cf01
2014-07-15 15:54 - 2014-07-15 15:50 - 00253404 ____H () C:\bdr-ld01
2014-07-15 15:54 - 2014-07-15 15:50 - 00009216 ____H () C:\bdr-ld01.mbr
2014-07-15 15:53 - 2014-07-15 15:53 - 00002137 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2014-07-15 15:53 - 2014-07-15 15:53 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-07-15 15:53 - 2014-07-15 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2014-07-15 15:50 - 2014-07-15 15:41 - 00000000 ____D () C:\Program Files\Bitdefender
2014-07-15 15:41 - 2014-07-15 15:23 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-07-15 15:40 - 2014-07-15 15:40 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\QuickScan
2014-07-15 15:37 - 2011-02-02 11:24 - 00001945 _____ () C:\windows\epplauncher.mif
2014-07-15 15:23 - 2014-07-15 15:22 - 06770080 _____ () C:\Users\Conrad Bowen\Downloads\bitdefender_tsecurity.exe
2014-07-15 15:05 - 2010-09-21 14:26 - 00000000 ____D () C:\Users\Conrad Bowen
2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 14:46 - 2014-07-15 14:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 14:45 - 2014-07-15 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Conrad Bowen\Downloads\mbam-setup-2.0.2.1012.exe

Some content of TEMP:
====================
C:\Users\Conrad Bowen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmelckt.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 08:55

==================== End Of Log ============================

 

Thank you guys for your time, you really make a difference! :spoton:


Edited by Spencer4134, 13 August 2014 - 12:21 PM.

  • 0

Advertisements


#2
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi Spencer4134,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

While I'm going over your logs (thanks for those by the way) can you tell me why you are trying to run aswMBR?
  • 0

#3
Spencer4134

Spencer4134

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Because in every problem I come here with, they instruct me to run FRST and aswMBR. I am also very suspicious that I might have a ton of adware, as this is a much older and more used pc.

 

Also, correct me if I'm wrong, but I noticed I might not be using the normal desktop? Normally it's under C:\Users\{Username}\Desktop, but this is in C:\Users\{Username}\Documents\1to1Greetings\CmasProofs\Desktop. I have noticed that I have BOTH desktop folders, but the first one mentioned has different files that are not on my desktop. What REALLY gets me is that it appears to be IN A USER CREATED FOLDER. That means it was not originally set to this. Do you know what could've happened?

 

If I should not have attempted to run aswMBR, please let me know. I try to be careful and follow advice from you guys, but I also tend to try to speed things up a bit.


  • 0

#4
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

That's ok; I was just wondering if you thought you had a rootkit.  Yes, I do see evidence of adware on the system and we will check on the desktop thing before we are through.
 
One point is the BitDefender Total Security; if you have that on AutoPilot then it may have blocked the aswMBR.exe from running and not even shown a warning (this is what AutoPilot means; the program handles all decisions for the user and keeps them safe that way). 
 
I see that you have Malwarebytes Antimalware installed; does it run ok?  If it does then please run the following:
 
Malwarebytes Anti-Rootkit scan

  • Download Malwarebytes Anti-Rootkit from here to your desktop.
  • Run the file and follow the onscreen instructions to extract it to your desktop (by default)
  • Malwarebytes Anti-Rootkit will then open, follow the instruction in the wizard to update and allow the program to scan your computer for threats
  • When the scan is finished, even if malware is found, please do not click the CleanUp button.  Just exit the program; it will make a log file as it closes.
  • On your desktop is a folder named mbar; inside it is a log file named mbar-log-date(time).txt.  Please open this file and copy / paste the text here for review.

  • 0

#5
Spencer4134

Spencer4134

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

I'm pretty sure I had disabled Bitdefender for it, though.

 

MBAR:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.14.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Conrad Bowen :: CBSLAPTOP [administrator]

8/14/2014 3:20:40 PM
mbar-log-2014-08-14 (15-20-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 307036
Time elapsed: 15 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Edited by Spencer4134, 14 August 2014 - 03:51 PM.

  • 0

#6
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you for the log.  I am working on your logs right now and will get you a fix as soon as it is approved.


  • 0

#7
Spencer4134

Spencer4134

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Ok. I will not have access to this computer until Monday, just so you know. Thank you


  • 0

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Hi Spencer4134,

I have finished looking over your logs and have some steps to help clean your system. If you don't have any questions, then let's get to it.

Step1 - Manual Uninstalls

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Freemake Video Converter version 4.1.3
Yahoo! BrowserPlus 2.9.8



To do so, left clicking on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Step2 - FRST64 Fix run

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the desktop as fixlist.txt.
 

start
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {393FDADD-FD5E-4C78-B0EC-99AB99C5B656} URL = http://us.yhs4.searc...669,0,FF27,7635
SearchScopes: HKCU - {8B972E91-7C10-456B-9466-AB766B66DD94} URL = http://search.condui...6314519233&UM=2
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus
CHR HKCU\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [fdjkhamgopgokjmllcmpkiijndjeidcl] - C:\Users\Conrad Bowen\AppData\Local\Temp\twsfiles\trustedshopper.crx [2013-08-07]
S3 Adpst_im; No ImagePath
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-26] ()
C:\Windows\System32\DRIVERS\SWDUMon.sys
Task: {13F6AA28-AE48-4601-8D68-66DEBC30ABDA} - System32\Tasks\{2445BE4C-1F50-410B-AF68-A057FC5EBB31} => C:\Users\Conrad Bowen\Desktop\winzip121.exe
Task: {1ACC2C94-A80C-49E7-BFDA-38C05FE6F7DB} - System32\Tasks\{E4611E08-D5B5-496C-9544-AD1B7C299FD0} => Firefox.exe
Task: {2CA33F08-846C-44AF-A112-82C25E1ABEED} - System32\Tasks\{75CF7C7B-9F3F-416E-B5B5-9FE1C4F05C4C} => Firefox.exe
Task: {69881864-55FD-4570-A77F-4D203B0EBA86} - System32\Tasks\{2B21AEF8-ED8D-4C64-81AA-89B9BE7569CE} => C:\Users\Conrad Bowen\Desktop\winzip121.exe
Task: {6CEEE651-460C-45FE-A373-5FE34F815266} - System32\Tasks\{240348F0-D786-4E27-A973-3E98D0FB417E} => Firefox.exe
Task: {E0F931BA-49A8-49E6-B32F-D34F62A0AA21} - System32\Tasks\{7D51BA00-EF02-4CAE-B3B6-213E45E98A05} => Firefox.exe
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
AlternateDataStreams: C:\Users\Conrad Bowen\Downloads\FRST64.exe:BDU
CMD: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
EmptyTemp:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Step3 - Fresh look with FRST64

To verify what has been changed, let's get a fresh look with FRST64.

  • Right click on the FRST64.exe file on your desktop and select "Run as administrator.." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Things to reply back with:

  • How did the uninstalls go?
  • The FRST Fixlog.txt log text.
  • The new FRST.txt log text.
  • Any questions you have.
  • How is your system running now? (Still not finished yet but I like to check as we go.)

  • 0

#9
Spencer4134

Spencer4134

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

The uninstalls seemed to work out fine :yes:

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by Conrad Bowen at 2014-08-18 15:01:57 Run:1
Running from C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKCU - {393FDADD-FD5E-4C78-B0EC-99AB99C5B656} URL = http://us.yhs4.searc...669,0,FF27,7635
SearchScopes: HKCU - {8B972E91-7C10-456B-9466-AB766B66DD94} URL = http://search.condui...6314519233&UM=2
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus
CHR HKCU\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [fdjkhamgopgokjmllcmpkiijndjeidcl] - C:\Users\Conrad Bowen\AppData\Local\Temp\twsfiles\trustedshopper.crx [2013-08-07]
S3 Adpst_im; No ImagePath
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-02-26] ()
C:\Windows\System32\DRIVERS\SWDUMon.sys
Task: {13F6AA28-AE48-4601-8D68-66DEBC30ABDA} - System32\Tasks\{2445BE4C-1F50-410B-AF68-A057FC5EBB31} => C:\Users\Conrad Bowen\Desktop\winzip121.exe
Task: {1ACC2C94-A80C-49E7-BFDA-38C05FE6F7DB} - System32\Tasks\{E4611E08-D5B5-496C-9544-AD1B7C299FD0} => Firefox.exe
Task: {2CA33F08-846C-44AF-A112-82C25E1ABEED} - System32\Tasks\{75CF7C7B-9F3F-416E-B5B5-9FE1C4F05C4C} => Firefox.exe
Task: {69881864-55FD-4570-A77F-4D203B0EBA86} - System32\Tasks\{2B21AEF8-ED8D-4C64-81AA-89B9BE7569CE} => C:\Users\Conrad Bowen\Desktop\winzip121.exe
Task: {6CEEE651-460C-45FE-A373-5FE34F815266} - System32\Tasks\{240348F0-D786-4E27-A973-3E98D0FB417E} => Firefox.exe
Task: {E0F931BA-49A8-49E6-B32F-D34F62A0AA21} - System32\Tasks\{7D51BA00-EF02-4CAE-B3B6-213E45E98A05} => Firefox.exe
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
AlternateDataStreams: C:\Users\Conrad Bowen\Downloads\FRST64.exe:BDU
CMD: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
EmptyTemp:
end
*****************

C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{393FDADD-FD5E-4C78-B0EC-99AB99C5B656}" => Key deleted successfully.
"HKCR\CLSID\{393FDADD-FD5E-4C78-B0EC-99AB99C5B656}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B972E91-7C10-456B-9466-AB766B66DD94}" => Key deleted successfully.
"HKCR\CLSID\{8B972E91-7C10-456B-9466-AB766B66DD94}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\!{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
"HKCR\PROTOCOLS\Handler\intu-help-qb4" => Key deleted successfully.
"HKCR\CLSID\{ACE22922-D07C-4860-B51B-8CF472FEC2CB}" => Key not found.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Moved successfully.
"HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8" => Key not found.
C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll not found.
"C:\Users\Conrad Bowen\AppData\Local\Yahoo!\BrowserPlus" => File/Directory not found.
"HKCU\SOFTWARE\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil" => Key deleted successfully.
C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil" => Key deleted successfully.
"C:\Users\Conrad Bowen\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdjkhamgopgokjmllcmpkiijndjeidcl" => Key deleted successfully.
"C:\Users\Conrad Bowen\AppData\Local\Temp\twsfiles\trustedshopper.crx" => File/Directory not found.
Adpst_im => Service deleted successfully.
SWDUMon => Service deleted successfully.
C:\Windows\System32\DRIVERS\SWDUMon.sys => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13F6AA28-AE48-4601-8D68-66DEBC30ABDA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13F6AA28-AE48-4601-8D68-66DEBC30ABDA}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2445BE4C-1F50-410B-AF68-A057FC5EBB31} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2445BE4C-1F50-410B-AF68-A057FC5EBB31}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ACC2C94-A80C-49E7-BFDA-38C05FE6F7DB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ACC2C94-A80C-49E7-BFDA-38C05FE6F7DB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E4611E08-D5B5-496C-9544-AD1B7C299FD0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4611E08-D5B5-496C-9544-AD1B7C299FD0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CA33F08-846C-44AF-A112-82C25E1ABEED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CA33F08-846C-44AF-A112-82C25E1ABEED}" => Key deleted successfully.
C:\Windows\System32\Tasks\{75CF7C7B-9F3F-416E-B5B5-9FE1C4F05C4C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75CF7C7B-9F3F-416E-B5B5-9FE1C4F05C4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69881864-55FD-4570-A77F-4D203B0EBA86}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69881864-55FD-4570-A77F-4D203B0EBA86}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2B21AEF8-ED8D-4C64-81AA-89B9BE7569CE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B21AEF8-ED8D-4C64-81AA-89B9BE7569CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CEEE651-460C-45FE-A373-5FE34F815266}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CEEE651-460C-45FE-A373-5FE34F815266}" => Key deleted successfully.
C:\Windows\System32\Tasks\{240348F0-D786-4E27-A973-3E98D0FB417E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{240348F0-D786-4E27-A973-3E98D0FB417E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F931BA-49A8-49E6-B32F-D34F62A0AA21}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F931BA-49A8-49E6-B32F-D34F62A0AA21}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7D51BA00-EF02-4CAE-B3B6-213E45E98A05} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D51BA00-EF02-4CAE-B3B6-213E45E98A05}" => Key deleted successfully.
C:\ProgramData\TEMP => ":D346F792" ADS removed successfully.
C:\Users\Conrad Bowen\Downloads\FRST64.exe => ":BDU" ADS removed successfully.

=========  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" =========


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    AppData    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming
    Cache    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
    Cookies    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
    Desktop    REG_EXPAND_SZ    %USERPROFILE%\Documents\1to1Greetings\CmasProofs\Desktop
    Favorites    REG_EXPAND_SZ    %USERPROFILE%\Favorites
    History    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Microsoft\Windows\History
    Local AppData    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local
    My Music    REG_EXPAND_SZ    %USERPROFILE%\Music
    My Pictures    REG_EXPAND_SZ    %USERPROFILE%\Pictures
    My Video    REG_EXPAND_SZ    %USERPROFILE%\Videos
    NetHood    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
    Personal    REG_EXPAND_SZ    %USERPROFILE%\Documents
    Programs    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    Recent    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
    SendTo    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
    Startup    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Start Menu    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
    Templates    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
    {374DE290-123F-4565-9164-39C4925E467B}    REG_EXPAND_SZ    %USERPROFILE%\Downloads
    PrintHood    REG_EXPAND_SZ    %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
    {7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}    REG_EXPAND_SZ    %USERPROFILE%\Documents\USR\Closed-Sell&Buy\Btfl-44w1400S-Barlow\Searches
    {BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}    REG_EXPAND_SZ    %USERPROFILE%\Documents\USR\Listed-CB-Current\Links


========= End of CMD: =========

EmptyTemp: => Removed 513.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Conrad Bowen (administrator) on CBSLAPTOP on 18-08-2014 15:17:40
Running from C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(CANON INC) C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Dropbox, Inc.) C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Visagesoft) C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1569536 2014-07-29] (Bitdefender)
HKLM-x32\...\Run: [vspdfprsrv.exe] => C:\Program Files (x86)\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe [4566016 2011-08-29] (Visagesoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-03] (Google Inc.)
HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [814064 2014-07-29] (Bitdefender)
HKU\S-1-5-21-4154370108-1394326414-2424723564-1000\...\MountPoints2: {0811df36-2892-11e0-8890-00266c5a3206} - E:\LaunchU3.exe -a
Startup: C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Conrad Bowen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0E5BE163-B4B7-4606-86A4-9A275814FF82} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {8EACC4AA-8F68-495E-873C-25480C25810A} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {0E5BE163-B4B7-4606-86A4-9A275814FF82} URL =
SearchScopes: HKCU - {8EACC4AA-8F68-495E-873C-25480C25810A} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {E10195EF-867C-49D7-BCA5-77419340AE66} URL = http://www.google.co...1I7TSNA_enUS398
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Conrad Bowen\AppData\Roaming\Mozilla\Firefox\Profiles\nhg2jzjt.default-1400084744074
FF Homepage: https://www.memotoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Conrad Bowen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-15]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CONRAD~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-06-23] () [File not signed]
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-06-06] (Bitdefender)
R2 Canon imagePROGRAF Status Monitor; C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [739672 2011-11-18] (CANON INC)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S2 iPFDeviceAgentService; C:\windows\system32\cnwiols6.exe [210944 2008-12-08] (CANON INC.) [File not signed]
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-06-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-07-29] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2013-12-02] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2013-12-02] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 15:20 - 2014-08-14 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-14 15:14 - 2014-08-14 15:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Conrad Bowen\Downloads\mbar-1.07.0.1012.exe
2014-08-13 13:09 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-13 13:09 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-13 13:09 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-13 13:09 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-13 13:09 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-13 13:09 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-13 13:09 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-13 13:09 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 12:09 - 2014-08-15 14:32 - 00000409 _____ () C:\windows\system32\checkdnsid.xml
2014-08-13 11:30 - 2014-08-13 11:30 - 05185536 _____ (AVAST Software) C:\Users\Conrad Bowen\Downloads\aswmbr.exe
2014-08-13 10:57 - 2014-08-18 15:17 - 00000000 ____D () C:\FRST
2014-08-13 10:54 - 2014-08-13 10:54 - 02100224 _____ (Farbar) C:\Users\Conrad Bowen\Downloads\FRST64.exe
2014-08-13 10:45 - 2014-08-13 11:30 - 00000000 ___RD () C:\Users\Public\Desktop\PC Repair Tools
2014-08-13 10:01 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 10:01 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 10:01 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 10:01 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 10:01 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 10:01 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 10:01 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 10:01 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 10:01 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 10:01 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 10:01 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 10:01 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 10:01 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 10:01 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 10:00 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 10:00 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 09:59 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 09:59 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 09:59 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 09:59 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 09:59 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 09:59 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 09:59 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 09:58 - 2014-07-31 17:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 09:58 - 2014-07-31 17:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 09:58 - 2014-07-25 08:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 09:58 - 2014-07-25 08:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 09:58 - 2014-07-25 08:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 09:58 - 2014-07-25 07:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 09:58 - 2014-07-25 07:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 09:58 - 2014-07-25 07:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 09:58 - 2014-07-25 07:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 09:58 - 2014-07-25 07:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 09:58 - 2014-07-25 07:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 09:58 - 2014-07-25 07:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 09:58 - 2014-07-25 07:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 09:58 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 09:58 - 2014-07-25 07:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 09:58 - 2014-07-25 07:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 09:58 - 2014-07-25 07:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 09:58 - 2014-07-25 06:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 09:58 - 2014-07-25 06:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 09:58 - 2014-07-25 06:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 09:58 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 09:58 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 09:58 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 09:58 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 09:58 - 2014-07-25 06:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 09:58 - 2014-07-25 06:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 09:58 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 09:58 - 2014-07-25 06:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 09:58 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 09:58 - 2014-07-25 06:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 09:58 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 09:58 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 09:58 - 2014-07-25 06:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 09:58 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 09:58 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 09:58 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 09:58 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 09:58 - 2014-07-25 05:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 09:58 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 09:58 - 2014-07-25 05:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 09:58 - 2014-07-25 05:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 09:58 - 2014-07-25 05:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 09:58 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 09:58 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 09:58 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 09:58 - 2014-07-25 05:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 09:58 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 09:58 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 09:58 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 09:58 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 09:58 - 2014-07-25 04:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 09:58 - 2014-07-25 04:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 09:58 - 2014-07-25 04:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 09:58 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 09:58 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 09:58 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 09:58 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 09:58 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-13 09:58 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 09:57 - 2014-07-15 21:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-13 09:57 - 2014-07-15 20:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-13 09:57 - 2014-07-15 20:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-13 09:54 - 2014-08-06 20:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-13 09:54 - 2014-08-06 20:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-07 09:28 - 2014-08-07 10:48 - 00000000 ____D () C:\AdwCleaner
2014-08-03 11:50 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-03 11:50 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-03 11:50 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-03 11:50 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-02 15:01 - 2014-08-02 15:03 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\FamHistPhotos
2014-08-02 12:44 - 2014-08-02 12:45 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\{1D023D19-8966-4978-9A51-68329401A473}
2014-08-02 07:20 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-02 07:20 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-02 07:20 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-02 07:20 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-02 07:20 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-02 07:20 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-02 07:20 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-02 07:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-02 07:20 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-02 07:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-31 11:51 - 2014-07-31 11:57 - 00000000 _____ () C:\Users\Conrad Bowen\Documents\HPLJM127_128_Fax_Port
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 07:58 - 2014-07-23 07:59 - 15344640 _____ () C:\Users\Conrad Bowen\Desktop\B+2013-12 (Portable).QBM
2014-07-22 16:18 - 2014-07-22 16:18 - 00000000 ____H () C:\Users\Conrad Bowen\Documents\Default.rdp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 15:17 - 2014-08-13 10:57 - 00000000 ____D () C:\FRST
2014-08-18 15:13 - 2009-07-13 22:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 15:13 - 2009-07-13 22:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 15:07 - 2014-06-05 20:21 - 00000000 ___RD () C:\Users\Conrad Bowen\Dropbox
2014-08-18 15:07 - 2014-06-05 20:17 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\Dropbox
2014-08-18 15:07 - 2010-09-21 16:29 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 15:06 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-18 15:05 - 2014-07-15 15:26 - 00054242 _____ () C:\windows\PFRO.log
2014-08-18 15:05 - 2014-05-30 09:21 - 00006541 _____ () C:\windows\setupact.log
2014-08-18 15:05 - 2009-07-13 22:45 - 00440928 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-18 15:03 - 2013-10-10 19:57 - 01974048 _____ () C:\windows\WindowsUpdate.log
2014-08-18 15:02 - 2013-08-20 00:26 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\CRE
2014-08-18 14:49 - 2012-04-13 19:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 14:44 - 2013-08-20 00:24 - 00000000 ____D () C:\ProgramData\Freemake
2014-08-18 14:44 - 2013-08-20 00:23 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-08-18 14:30 - 2014-02-27 15:05 - 00000604 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000.job
2014-08-18 14:29 - 2010-09-21 16:29 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 13:48 - 2009-07-13 23:13 - 00926884 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-17 12:08 - 2014-01-26 10:40 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\Primary
2014-08-16 15:07 - 2009-07-13 23:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-08-15 14:37 - 2012-05-17 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-15 14:32 - 2014-08-13 12:09 - 00000409 _____ () C:\windows\system32\checkdnsid.xml
2014-08-14 23:58 - 2011-05-27 09:20 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2014-08-14 15:42 - 2014-08-14 15:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-14 15:19 - 2014-07-15 14:46 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:16 - 2014-07-15 14:47 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:14 - 2014-08-14 15:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Conrad Bowen\Downloads\mbar-1.07.0.1012.exe
2014-08-14 14:17 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-08-14 11:19 - 2014-06-05 20:19 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 11:07 - 2009-07-13 22:45 - 00018432 _____ () C:\windows\system32\umstartup.etl
2014-08-13 17:36 - 2011-10-07 14:32 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\Bergenthal
2014-08-13 13:34 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-13 13:31 - 2010-06-24 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 13:20 - 2013-08-06 17:14 - 00000000 ____D () C:\windows\system32\MRT
2014-08-13 13:16 - 2010-09-29 09:22 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-13 13:08 - 2014-05-05 23:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-13 12:42 - 2014-02-27 15:05 - 00003646 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4154370108-1394326414-2424723564-1000
2014-08-13 11:50 - 2011-03-01 12:12 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\CrashDumps
2014-08-13 11:30 - 2014-08-13 11:30 - 05185536 _____ (AVAST Software) C:\Users\Conrad Bowen\Downloads\aswmbr.exe
2014-08-13 11:30 - 2014-08-13 10:45 - 00000000 ___RD () C:\Users\Public\Desktop\PC Repair Tools
2014-08-13 10:54 - 2014-08-13 10:54 - 02100224 _____ (Farbar) C:\Users\Conrad Bowen\Downloads\FRST64.exe
2014-08-13 10:40 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-07 10:48 - 2014-08-07 09:28 - 00000000 ____D () C:\AdwCleaner
2014-08-06 20:06 - 2014-08-13 09:54 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 20:01 - 2014-08-13 09:54 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-02 15:03 - 2014-08-02 15:01 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\FamHistPhotos
2014-08-02 12:45 - 2014-08-02 12:44 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\{1D023D19-8966-4978-9A51-68329401A473}
2014-08-02 12:44 - 2010-10-27 08:17 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\Windows Live
2014-08-01 14:02 - 2014-03-27 19:33 - 00271360 _____ () C:\Users\Conrad Bowen\Documents\Outlook backup.pst
2014-08-01 13:07 - 2010-10-12 21:15 - 00000000 ____D () C:\windows\Minidump
2014-07-31 17:41 - 2014-08-13 09:58 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-31 17:16 - 2014-08-13 09:58 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-31 14:38 - 2010-09-22 06:52 - 00000000 ____D () C:\Users\Conrad Bowen\Documents\USR
2014-07-31 11:57 - 2014-07-31 11:51 - 00000000 _____ () C:\Users\Conrad Bowen\Documents\HPLJM127_128_Fax_Port
2014-07-31 11:51 - 2014-05-19 16:35 - 00000000 ____D () C:\Users\Conrad Bowen\AppData\Local\HP
2014-07-30 20:56 - 2012-04-24 14:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-29 14:10 - 2014-07-29 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 09:48 - 2012-05-11 17:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 09:48 - 2012-05-11 17:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 17:49 - 2012-05-11 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 08:52 - 2014-08-13 09:58 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 08:02 - 2014-08-13 09:58 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 08:01 - 2014-08-13 09:58 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 07:51 - 2014-08-13 09:58 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 07:30 - 2014-08-13 09:58 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 07:28 - 2014-08-13 09:58 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 07:28 - 2014-08-13 09:58 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 07:25 - 2014-08-13 09:58 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 07:25 - 2014-08-13 09:58 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 07:11 - 2014-08-13 09:58 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 07:10 - 2014-08-13 09:58 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 07:04 - 2014-08-13 09:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 07:03 - 2014-08-13 09:58 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 07:00 - 2014-08-13 09:58 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 07:00 - 2014-08-13 09:58 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 06:59 - 2014-08-13 09:58 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 06:47 - 2014-08-13 09:58 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 06:40 - 2014-08-13 09:58 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 06:34 - 2014-08-13 09:58 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 06:34 - 2014-08-13 09:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 06:33 - 2014-08-13 09:58 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 06:30 - 2014-08-13 09:58 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 06:28 - 2014-08-13 09:58 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 06:28 - 2014-08-13 09:58 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 06:21 - 2014-08-13 09:58 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 06:19 - 2014-08-13 09:58 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 06:18 - 2014-08-13 09:58 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 06:17 - 2014-08-13 09:58 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 06:17 - 2014-08-13 09:58 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 06:12 - 2014-08-13 09:58 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 06:10 - 2014-08-13 09:58 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 06:10 - 2014-08-13 09:58 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 06:08 - 2014-08-13 09:58 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 06:06 - 2014-08-13 09:58 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 05:52 - 2014-08-13 09:58 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 05:47 - 2014-08-13 09:58 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 05:43 - 2014-08-13 09:58 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 05:42 - 2014-08-13 09:58 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 05:39 - 2014-08-13 09:58 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 05:39 - 2014-08-13 09:58 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 05:36 - 2014-08-13 09:58 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 05:34 - 2014-08-13 09:58 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 05:29 - 2014-08-13 09:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 05:23 - 2014-08-13 09:58 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 05:13 - 2014-08-13 09:58 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 05:07 - 2014-08-13 09:58 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 05:07 - 2014-08-13 09:58 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 05:03 - 2014-08-13 09:58 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 04:52 - 2014-08-13 09:58 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 04:26 - 2014-08-13 09:58 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 04:17 - 2014-08-13 09:58 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 04:09 - 2014-08-13 09:58 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 04:05 - 2014-08-13 09:58 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 04:00 - 2014-08-13 09:58 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-23 07:59 - 2014-07-23 07:58 - 15344640 _____ () C:\Users\Conrad Bowen\Desktop\B+2013-12 (Portable).QBM
2014-07-22 16:18 - 2014-07-22 16:18 - 00000000 ____H () C:\Users\Conrad Bowen\Documents\Default.rdp

Some content of TEMP:
====================
C:\Users\Conrad Bowen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzbq99h.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 08:42

==================== End Of Log ============================

 

The computer is running a LOT faster now! Still is semi slow, but now I can right click on the desktop and, depending how long the pc has been on, it will show an hourglass for a little bit and then show the right click menu. No more desktop going unresponsive :D


  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

This looks a lot better.  :spoton:

 

Let's get a look with AdwCleaner (for bits that don't show in some of the scanners):

 

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

 

 

Second ....

Let me know how you would like the Desktop setting handled.  I can give you a Registry file to merge (which will only change the setting and not delete anything on the current 'Desktop') or I can give you manual directions on how to change the Desktop.  The choice is yours.


  • 0

Advertisements


#11
Spencer4134

Spencer4134

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

adwCleaner:

 

# AdwCleaner v3.307 - Report created 18/08/2014 at 16:17:51
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Conrad Bowen - CBSLAPTOP
# Running from : C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop\adwcleaner_3.307.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Conrad Bowen\AppData\Roaming\Mozilla\Firefox\Profiles\nhg2jzjt.default-1400084744074\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6366 octets] - [07/08/2014 09:28:22]
AdwCleaner[R1].txt - [6426 octets] - [07/08/2014 10:35:15]
AdwCleaner[R2].txt - [3154 octets] - [18/08/2014 16:17:51]
AdwCleaner[S0].txt - [6100 octets] - [07/08/2014 10:47:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [3274 octets] ##########
 

Before we take care of the desktop, I have a question. Will leaving it as it is cause ANY possible errors, problems, or differences?

 

Thanks!


  • 0

#12
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

I will check with my advisor on this but my experience says it is possible; if for nothing else, other than some programs may have used (hard coded) the regular location (%USERPROFILE%\Desktop) and this will inhibit, or even hang, the running of these programs.

 

How is the machine running otherwise?


  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

I checked with my advisor and we will leave the desktop until later (last most likely as all the shortcuts will have to be reset, etc.).
 
Let's continue with the cleaning ....

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


Post back with ....

  • Questions / comments.
  • AdwCleaner clean log
  • JRT log.

  • 0

#14
Spencer4134

Spencer4134

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

adwCleaner:

 

# AdwCleaner v3.307 - Report created 19/08/2014 at 15:47:27
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Conrad Bowen - CBSLAPTOP
# Running from : C:\Users\Conrad Bowen\Documents\1to1Greetings\CmasProofs\Desktop\adwcleaner_3.307.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Conrad Bowen\AppData\Roaming\Mozilla\Firefox\Profiles\nhg2jzjt.default-1400084744074\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6366 octets] - [07/08/2014 09:28:22]
AdwCleaner[R1].txt - [6426 octets] - [07/08/2014 10:35:15]
AdwCleaner[R2].txt - [3418 octets] - [18/08/2014 16:17:51]
AdwCleaner[R3].txt - [3478 octets] - [19/08/2014 15:45:41]
AdwCleaner[S0].txt - [6100 octets] - [07/08/2014 10:47:47]
AdwCleaner[S1].txt - [3369 octets] - [19/08/2014 15:47:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3429 octets] ##########
 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Conrad Bowen on Tue 08/19/2014 at 15:54:37.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Conrad Bowen\appdata\local\{10D19F20-16D8-4990-8228-EFCB9611817D}
Successfully deleted: [Empty Folder] C:\Users\Conrad Bowen\appdata\local\{1D023D19-8966-4978-9A51-68329401A473}
Successfully deleted: [Empty Folder] C:\Users\Conrad Bowen\appdata\local\{3465A13D-D597-4B0C-B646-3634A755C685}
Successfully deleted: [Empty Folder] C:\Users\Conrad Bowen\appdata\local\{4FB624AA-6574-4396-B5C1-BD46C17BFAC1}



~~~ FireFox

Emptied folder: C:\Users\Conrad Bowen\AppData\Roaming\mozilla\firefox\profiles\nhg2jzjt.default-1400084744074\minidumps [33 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/19/2014 at 16:14:27.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 I don't have any questions at the moment but I'll let you know if I do.


  • 0

#15
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
Thank you for the logs; things are looking good so far. Let's see what a definition based Malware scanner finds now.

Malwarebytes' Anti-Malware
Please Launch Malwarebytes' Anti-Malware from your desktop icon or the start menu item. Notice that I want this to scan your system but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link

2a308da4-c469-4a72-b86c-84c05ca1e6a6_zps

Once the program has loaded and updated, select "Scan Now >>" to start the scan.
5f2fe168-2571-4c73-a1e8-945d5aae9e1e_zps

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

MBAMfoundMalwarescan_zpsafe36848.png
Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.
  • 0






Similar Topics


Also tagged with one or more of these keywords: aswMBR, Slow

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP