Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

eset found many files [Solved]


  • This topic is locked This topic is locked

#1
carol1019s

carol1019s

    Member

  • Member
  • PipPip
  • 29 posts

eset scanner has found many files could you guys please help with cleaning me up.. it looked like two files were not able to fix..

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=722c21681359904ba8a223d333d828fe
# engine=19850
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-26 07:29:40
# local_time=2014-08-26 03:29:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 28103 4358065 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 160624830 0 0
# scanned=268436
# found=20
# cleaned=18
# scan_time=9806
sh=F3E87891BBF759E953D6A1E0F6872B2F1A0FEF3E ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter potentially unwanted application" ac=I fn="C:\Users\All Users\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll"
sh=C67AADB8DC7B70FA1E6B28D3CCF2BEBEB4BA01C8 ft=1 fh=3e4c721b85cb7d65 vn="a variant of Win32/ExpressDownloader.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\GoforFiles\uninstall.exe"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\MixiDJ_V45\hktbMixi.dll"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrstub.dll"
sh=2E4ED7E54AA884C4B245FA6CA293070EF36ECAFC ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PhotoFriendzy_82 Chrome Extension\bar\[email protected]"
sh=F3E87891BBF759E953D6A1E0F6872B2F1A0FEF3E ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter potentially unwanted application (deleted - quarantined)" ac=C fn="C:\ProgramData\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll"
sh=4907ADEB74AA33DDAD164B84BC26F26D1C703E24 ft=1 fh=9c8f5f5a896f0190 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Carol\Local Settings\Temp\ApnStub.exe"
sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Carol\Local Settings\Temp\ASKCC.tmp"
sh=2A7A34747C399CA81099B5F242F18770AE15F9B1 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe"
sh=0D6B144C5F386D53A8489E8434D8DE597BF4EC20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}\chrome\serif_photoplus.jar"
sh=8592AE1EA19834BD55EA95B86E99722DAF8FCE41 ft=1 fh=729c37a8e7cd74b0 vn="a variant of Win32/InstallCore.QC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\CCleaner_Setup.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\ccsetup416 (1).exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\ccsetup416.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\cc_setup.exe"
sh=A60CABC4FF3C3DE2B104D824693043F7479ED2D4 ft=1 fh=737fc4443e90df1a vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI4C8F.tmp"
sh=DC3C29A963871A9FF0613FFEC4FC39AB04760924 ft=1 fh=aa8756f8c51680cf vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSIBEA0.tmp"
 


  • 0

Advertisements


#2
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Greetings carol1019s and :welcome:

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.
  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it will be difficult at times but it is important that you stay with me until your computer is declared clean.
stop32.png Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

right-grn.pngPlease be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

right-grn.pngIf at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

right-grn.png I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

right-grn.png Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

right-grn.pngPlease stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

right-grn.png Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

right-grn.png If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

right-grn.png If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.
  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    Addition.txt

    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  • Step 2

    ASWmbr Scan

    Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

    Double click the aswmbr.png aswMBR.exe to run it

    aswMBR1.png

    Click the "Scan" button to start scan

    If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database allow that as well

    msgbox.png

    On completion of the scan click Save Log, save it to your desktop and post in your next reply

    aswMBR2.png

    The tool will also produce a copy of the mbrdump labeled MBR.dat. Please upload that file here.
     
     
    Items for your next post:
    • FRST.txt
    • additions.txt
    • ASWMBR log

  • 1

#3
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Owner at 2014-08-27 10:15:54
Running from C:\Users\Owner\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Advanced JPEG Compressor 2012 (HKLM-x32\...\Advanced JPEG Compressor_is1) (Version: 2012 - WinSoftMagic Inc.)
AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.60914.1136 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
AT&T Support Plus PC Maintenance Toolbox (HKLM-x32\...\AT&T Support Plus PC Maintenance Toolbox) (Version: 2.4.0.1 - Sutherland Global Services Inc.,)
AT&T Support Plus PC Maintenance Toolbox (x32 Version: 2.4.0.1 - Sutherland Global Services Inc.,) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.94 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{02A5C383-FE94-3B52-9627-CE70B9301A0F}) (Version: 65.143.49253 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Imagic Photo (HKLM-x32\...\Imagic Photo8.0) (Version: 8.0 - Imagic Photo)
Imagic Photo (HKLM-x32\...\Imagic Photo8.2) (Version: 8.2 - Imagic Photo)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - IncrediMail) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Photo Editor (HKLM-x32\...\SmartPhotoEditor1_is1) (Version: 1.19 - Anthropics Technology Ltd.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Works version 3.2 (HKLM-x32\...\{839CA7E5-5956-487D-8138-682907C5D576}_is1) (Version: 3.2 - Cybia)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Ulead Particle.Plugin 1.0 (HKLM-x32\...\Ulead Particle.Plugin 1.0) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4193904827-2178084348-2157540247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe No File

==================== Restore Points  =========================

17-08-2014 19:28:59 Windows Update
18-08-2014 17:04:43 Windows Update
18-08-2014 17:06:17 Windows Update
18-08-2014 17:12:36 Installed Microsoft Fix it 50123
18-08-2014 17:14:33 Windows Update
18-08-2014 17:21:20 Windows Update
18-08-2014 17:21:58 Windows Update
18-08-2014 17:34:51 Removed Microsoft Office 2010
18-08-2014 17:36:15 Removed Microsoft Office Click-to-Run 2010
18-08-2014 17:37:41 Removed Microsoft Office Home and Student 2010
18-08-2014 21:56:14 Windows Update
19-08-2014 22:33:31 Windows Update
20-08-2014 21:52:50 Windows Update
21-08-2014 22:13:22 Windows Update
22-08-2014 21:32:59 Windows Update
23-08-2014 12:32:03 Windows Update
23-08-2014 12:35:39 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01ACB253-0795-48F6-B0D1-1135D5FF01C0} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {0B6D1489-432D-44EE-8216-1628617BE4C3} - System32\Tasks\{2CD1B2D6-0AD5-440C-85DB-21ECE3CFB726} => C:\Program Files (x86)\Corel\Corel Painter Essentials 4\Corel Painter Essentials.exe
Task: {0F02E627-AFC9-4CFD-9553-88257DB069E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {13D3EE52-3010-423C-AC30-30C4558E272E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-15] (AVAST Software)
Task: {174DA027-CEF1-4EFC-91F4-CB5B04086F5E} - System32\Tasks\MySearchDial => C:\Users\Owner\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {22A3AE18-B707-4BB5-B61E-9E1A200E43AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {32A46F02-2C91-4365-858C-7AD7F2CDB037} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {38FAAEEA-71C7-460D-82AB-DE8C8436FCB6} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4BB97DE3-3D40-4DE9-9E4D-AA5CC0B3AA29} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {4E38D589-5ACA-49B4-B347-E3244763BEC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {5D2D28E5-8338-45B3-A2CB-D6C9C3787500} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-07-04] ()
Task: {5E32A351-0279-49DA-8BD8-7D5B778F1DC6} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {79BC2793-71DE-4E37-98EF-3E51EE238C8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7F727CBA-0D72-4C05-B279-0E71A11AC93B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B7F76DDE-C5C2-45E3-A1B8-609DEB58A844} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CDA6F18D-9956-470B-A56B-31C2259AB8EC} - System32\Tasks\RunSplusUI => C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe [2014-08-20] ()
Task: {E6C9C77C-B4A5-49AD-B9D7-0B71A98FADFF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {FC37B9E7-F368-498F-946E-6EB73A60A306} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Owner\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-01-11 12:16 - 2014-08-20 10:34 - 10190936 _____ () C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-26 16:15 - 2014-08-26 16:15 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082601\algo.dll
2014-08-27 08:16 - 2014-08-27 08:16 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082700\algo.dll
2013-01-11 12:17 - 2014-08-17 07:26 - 02719536 _____ () C:\Program Files (x86)\ATTSplusPCMT\scanby.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeActiveFileMonitor10.0 => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: WRSVC => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AT&T Support Plus PC Maintenance Toolbox.lnk => C:\Windows\pss\AT&T Support Plus PC Maintenance Toolbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot FF RunOnce.lnk => C:\Windows\pss\Install Webroot FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install Webroot IE RunOnce.lnk => C:\Windows\pss\Install Webroot IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: DataMgr => "C:\Users\Owner\AppData\Roaming\DataMgr\DataMgr.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: Intermediate => "C:\Users\Owner\AppData\Roaming\Intermediate\Intermediate.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: OMESupervisor => C:\Users\Owner\AppData\Local\omesuperv.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SCheck => "C:\Users\Owner\AppData\Roaming\SCheck\SCheck.exe" check
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Snoozer =>
MSCONFIG\startupreg: SSync => "C:\Users\Owner\AppData\Roaming\SSync\SSync.exe"
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: WRSVC => "C:\Program Files (x86)\Webroot\WRSA.exe" -ul

==================== Faulty Device Manager Devices =============

Name: hlnfd
Description: hlnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hlnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: qknfd
Description: qknfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: qknfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2014 08:20:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/26/2014 04:23:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/26/2014 03:46:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 00:43:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 00:43:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 00:43:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 00:31:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2014 00:23:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/26/2014 07:28:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/25/2014 01:22:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


System errors:
=============
Error: (08/27/2014 08:16:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CoEYThOp
hlnfd
qknfd

Error: (08/27/2014 08:16:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ClearThink service failed to start due to the following error:
%%2

Error: (08/26/2014 07:23:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CoEYThOp
hlnfd
qknfd

Error: (08/26/2014 07:23:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ClearThink service failed to start due to the following error:
%%2

Error: (08/25/2014 11:27:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CoEYThOp
hlnfd
qknfd

Error: (08/25/2014 11:26:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ClearThink service failed to start due to the following error:
%%2

Error: (08/24/2014 10:10:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (08/24/2014 09:21:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CoEYThOp
hlnfd
qknfd

Error: (08/24/2014 09:20:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ClearThink service failed to start due to the following error:
%%2

Error: (08/23/2014 09:24:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CoEYThOp
hlnfd
qknfd


Microsoft Office Sessions:
=========================
Error: (08/27/2014 08:20:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000C7430000C7430000980B0000

Error: (08/26/2014 04:23:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000C7430000C7430000980B0000

Error: (08/26/2014 03:46:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/26/2014 00:43:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\anti virus\esetsmartinstaller_enu.exe

Error: (08/26/2014 00:43:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\anti virus\esetsmartinstaller_enu.exe

Error: (08/26/2014 00:43:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\anti virus\esetsmartinstaller_enu.exe

Error: (08/26/2014 00:31:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\anti virus\esetsmartinstaller_enu.exe

Error: (08/26/2014 00:23:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000C7430000C7430000980B0000

Error: (08/26/2014 07:28:11 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000C7430000C7430000980B0000

Error: (08/25/2014 01:22:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 1600000000C7430000C7430000980B0000


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 14%
Total physical RAM: 7666.85 MB
Available physical RAM: 6555.64 MB
Total Pagefile: 19165.03 MB
Available Pagefile: 17672.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.61 GB) (Free:828.47 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.81 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E3972C5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Owner (administrator) on OWNER-HP on 27-08-2014 10:14:51
Running from C:\Users\Owner\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.ya...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=906266600&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.ya...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com...t&type=avastbcl
SearchScopes: HKLM - {09971cee-01b8-42bc-9d91-456b1faad6be} URL =
SearchScopes: HKLM - {0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.ya...p={searchTerms}
SearchScopes: HKLM-x32 - {09971cee-01b8-42bc-9d91-456b1faad6be} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM-x32 - {0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.ya...p={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL =
SearchScopes: HKCU - {0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {ADFB592F-6E43-4F96-AA8F-ABF90378EA9C} URL = http://search.yahoo....petb&type=10885
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: LessTabs -> {3178A392-8963-471E-B7A2-969CB58D6496} -> C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: OfferMosquito -> {82B16A3D-F03E-4565-A532-666B219C9A53} -> C:\Users\Owner\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Define -> {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -> C:\Users\Owner\AppData\Local\DefineExt\temp.dat No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: No Name -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} ->  No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {4DA729A4-684A-4034-A45B-6D56CEAAE92B} -  No File
Toolbar: HKCU - No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2ittass.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Owner\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Extension: Define Ext - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013-08-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-07]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-03-17]
CHR Extension: (Share with Facebook, Twitter, Google+, Email) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
CHR Extension: (Facebook Share Button (by Shareaholic)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Owner\AppData\Local\Google\Chrome Frame\User Data\IEXPLORE\Default\ext_offermosquito\ext_offermosquito.crx [2013-12-19]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Owner\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\Owner\AppData\Local\Temp\ccex.crx [2013-12-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Owner\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; No ImagePath
S0 CoEYThOp; System32\drivers\CoEYThOp.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
U4 Messenger; No ImagePath
S1 qknfd; system32\drivers\qknfd.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 1512CEEDC3657082F396A0818528B5E8
C:\Windows\System32\DRIVERS\atikmpag.sys 3D00276750E2D6F35228E12868CF1A46
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\amd_sata.sys 2FBB00A7616106B95104574C6CD640C2
C:\Windows\System32\drivers\amd_xata.sys 87D0D7645CB0D53220649BD5FE15D93E
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys D95E64416A4A3ED6986E0F474DA934BD
C:\Windows\system32\drivers\aswMonFlt.sys FF1E537A3632CBB9A0BF72B9FD0878D5
C:\Windows\system32\drivers\aswRdr2.sys A5757DE5F9C83AB40667A53D5126EA40
C:\Windows\System32\Drivers\aswRvrt.sys 645D97385F3F284FB5604F9B970F4D24
C:\Windows\system32\drivers\aswSnx.sys B8FDEDE963B82CFD23B3A53A3084666D
C:\Windows\system32\drivers\aswSP.sys 0DEDC041DF594AEC2C3BD00417CFAF60
C:\Windows\system32\drivers\aswStm.sys 48DED912CDE54FC0923B9858512366E1
C:\Windows\System32\Drivers\aswVmm.sys 471A311745848B80339436688A8286E6
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btwampfl.sys A0DFB69ADE3444C78B17636FCF28E898
C:\Windows\System32\drivers\btwaudio.sys 7CF028CE78696882B327FF13D2DFA534
C:\Windows\System32\drivers\btwavdt.sys 3DEF2370E414B4E299673558BA171A51
C:\Windows\System32\DRIVERS\btwl2cap.sys 346B4051B3D7FF70E8F027869B8ECA6E
C:\Windows\System32\DRIVERS\btwrchid.sys 9937E0E4DFC0030560A6DFE9D3A94B39
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 91ED47813243B455E2D81115A8255F0E
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\system32\drivers\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\FRST
2014-08-27 10:09 - 2014-08-27 10:14 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-08-26 12:43 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Users\Owner\Desktop\anti virus
2014-08-26 12:23 - 2014-08-26 12:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-26 12:22 - 2014-08-26 12:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-23 09:29 - 2014-08-23 09:29 - 00000127 _____ () C:\Users\Owner\Documents\HP TouchSmart Calendar.ics
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-23 07:51 - 2014-08-23 07:51 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (4).exe
2014-08-23 07:51 - 2014-08-23 07:51 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (3).exe
2014-08-18 13:12 - 2014-08-18 13:12 - 00985600 _____ () C:\Users\Owner\Downloads\MicrosoftFixit50123.msi
2014-08-18 13:08 - 2014-08-18 13:08 - 00302011 _____ () C:\Users\Owner\Downloads\WindowsUpdateDiagnostic.diagcab
2014-08-18 12:26 - 2014-08-18 12:26 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (2).exe
2014-08-18 12:26 - 2014-08-18 12:26 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (1).exe
2014-08-16 18:47 - 2014-08-26 07:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-08-16 18:47 - 2014-08-25 12:46 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-08-15 19:32 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 19:32 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 19:32 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 19:32 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 19:32 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 19:32 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 19:31 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 19:31 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 18:59 - 2014-08-15 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\lptmp1240585286
2014-08-15 18:46 - 2014-08-27 08:15 - 00001064 _____ () C:\Windows\setupact.log
2014-08-15 18:46 - 2014-08-24 09:20 - 00010336 _____ () C:\Windows\PFRO.log
2014-08-15 18:46 - 2014-08-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 15:34 - 2014-08-15 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 15:34 - 2014-08-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 15:22 - 2014-08-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-15 15:21 - 2014-08-22 16:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-15 15:21 - 2014-08-15 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-15 15:21 - 2014-08-15 15:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-15 15:21 - 2014-08-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-15 15:18 - 2014-08-15 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-15 15:14 - 2014-08-15 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 15:12 - 2014-08-15 15:16 - 91906368 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2014-08-15 15:10 - 2014-08-15 15:10 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online (1).exe
2014-08-15 15:09 - 2014-08-15 15:10 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-15 15:05 - 2014-08-15 15:05 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 15:05 - 2014-08-15 15:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 08:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 08:17 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 08:17 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 08:17 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 08:17 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 08:17 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 08:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 08:17 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 08:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 08:17 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 08:17 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 08:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 08:17 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 08:17 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 08:17 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 08:17 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 08:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 08:17 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 08:17 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 08:17 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 08:17 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 08:17 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 08:17 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 08:17 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 08:17 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 08:17 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 08:17 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 08:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 08:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 08:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 08:17 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 08:16 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 08:16 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 08:16 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 08:16 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 08:16 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 08:16 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 08:16 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 08:16 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 08:16 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 08:16 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 08:16 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 08:16 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 08:16 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 08:16 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 08:16 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 08:16 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 08:16 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 08:16 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 08:16 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 08:16 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 08:16 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 08:16 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 08:16 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 08:16 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 08:16 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 08:16 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 08:16 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 08:16 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 08:16 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 08:16 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 08:16 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 08:16 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 08:16 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 08:16 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 08:16 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 08:16 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 08:16 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 08:16 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 08:16 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 08:15 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 08:15 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 08:15 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 08:15 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:22 - 2014-08-15 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-08-14 19:22 - 2014-08-15 11:48 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Program Files\DIFX
2014-08-14 19:21 - 2014-08-15 22:10 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-14 19:21 - 2014-08-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-14 19:20 - 2014-08-15 22:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-05 17:08 - 2014-08-05 17:08 - 00048188 _____ () C:\Users\Owner\Downloads\Cover Letter Template.zip
2014-08-02 06:53 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 06:53 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 06:53 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 06:53 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 06:53 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 06:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 06:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 06:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 06:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 10:14 - 2014-08-27 10:14 - 00000000 ____D () C:\FRST
2014-08-27 10:14 - 2014-08-27 10:09 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-08-27 10:13 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 10:13 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 10:10 - 2014-06-12 10:05 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA.job
2014-08-27 10:10 - 2014-06-12 10:05 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core.job
2014-08-27 09:44 - 2014-02-12 15:11 - 00000308 _____ () C:\Windows\Tasks\MySearchDial.job
2014-08-27 09:42 - 2012-03-28 17:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 09:37 - 2013-06-27 14:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 09:35 - 2012-03-11 04:42 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-08-27 09:25 - 2012-02-26 22:04 - 01672021 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 08:44 - 2012-03-28 17:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 08:19 - 2012-02-26 19:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{679BB6E4-F269-4F83-943C-BCEEAC16DC82}
2014-08-27 08:17 - 2013-06-28 12:46 - 00000000 ____D () C:\Program Files (x86)\ATTSplusPCMT
2014-08-27 08:16 - 2012-04-04 08:32 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-08-27 08:16 - 2011-12-27 22:52 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-27 08:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 08:15 - 2014-08-15 18:46 - 00001064 _____ () C:\Windows\setupact.log
2014-08-26 15:28 - 2013-09-05 12:54 - 00000000 ____D () C:\Program Files (x86)\GoforFiles
2014-08-26 15:28 - 2013-07-25 07:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-26 15:28 - 2013-07-25 07:08 - 00000000 ____D () C:\Program Files (x86)\MixiDJ_V45
2014-08-26 12:43 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Users\Owner\Desktop\anti virus
2014-08-26 12:23 - 2014-08-26 12:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-26 12:23 - 2014-08-26 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-26 12:23 - 2012-04-03 16:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-26 12:22 - 2012-10-25 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-26 07:23 - 2014-08-16 18:47 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-08-26 07:23 - 2009-07-14 00:45 - 04997648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 12:46 - 2014-08-16 18:47 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-08-25 12:45 - 2012-04-23 09:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-25 12:45 - 2012-02-27 10:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-24 09:32 - 2013-06-28 11:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2014-08-24 09:20 - 2014-08-15 18:46 - 00010336 _____ () C:\Windows\PFRO.log
2014-08-23 09:29 - 2014-08-23 09:29 - 00000127 _____ () C:\Users\Owner\Documents\HP TouchSmart Calendar.ics
2014-08-23 09:19 - 2014-01-06 14:07 - 00000000 ____D () C:\Windows\pss
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-23 08:36 - 2012-08-31 16:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-23 07:51 - 2014-08-23 07:51 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (4).exe
2014-08-23 07:51 - 2014-08-23 07:51 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (3).exe
2014-08-22 16:32 - 2014-08-15 15:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-20 13:06 - 2014-03-16 12:50 - 00002106 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 13:50 - 2012-02-26 19:15 - 00132264 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 13:39 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew
2014-08-18 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-18 13:12 - 2014-08-18 13:12 - 00985600 _____ () C:\Users\Owner\Downloads\MicrosoftFixit50123.msi
2014-08-18 13:08 - 2014-08-18 13:08 - 00302011 _____ () C:\Users\Owner\Downloads\WindowsUpdateDiagnostic.diagcab
2014-08-18 12:26 - 2014-08-18 12:26 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (2).exe
2014-08-18 12:26 - 2014-08-18 12:26 - 01260864 _____ (LogMeIn, Inc.) C:\Users\Owner\Downloads\Support-LogMeInRescue (1).exe
2014-08-18 11:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-15 22:12 - 2011-12-27 22:49 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-08-15 22:12 - 2011-12-27 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP TouchSmart
2014-08-15 22:10 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-08-15 22:10 - 2014-08-14 19:21 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 22:10 - 2014-08-14 19:21 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 22:10 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 21:32 - 2012-02-26 22:04 - 00000000 ____D () C:\Users\Owner
2014-08-15 21:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 19:40 - 2013-07-26 19:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 19:36 - 2012-02-27 09:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 19:31 - 2014-05-06 18:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 19:19 - 2013-08-13 09:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-15 19:19 - 2012-02-29 12:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-15 19:14 - 2012-04-25 14:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-15 19:09 - 2013-08-27 08:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-15 19:01 - 2012-02-27 09:28 - 00000000 ____D () C:\Program Files (x86)\Webroot
2014-08-15 18:59 - 2014-08-15 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\lptmp1240585286
2014-08-15 18:46 - 2014-08-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 15:34 - 2014-08-15 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 15:34 - 2014-08-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 15:22 - 2014-08-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-15 15:21 - 2014-08-15 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-15 15:21 - 2014-08-15 15:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-15 15:21 - 2014-08-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-15 15:18 - 2014-08-15 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-15 15:18 - 2014-08-15 15:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 15:16 - 2014-08-15 15:12 - 91906368 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup.exe
2014-08-15 15:10 - 2014-08-15 15:10 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online (1).exe
2014-08-15 15:10 - 2014-08-15 15:09 - 04862664 _____ (AVAST Software) C:\Users\Owner\Downloads\avast_free_antivirus_setup_online.exe
2014-08-15 15:07 - 2012-08-24 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 15:07 - 2012-02-28 08:27 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
2014-08-15 15:07 - 2011-02-11 13:00 - 00000000 ____D () C:\Windows\Panther
2014-08-15 15:05 - 2014-08-15 15:05 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 15:05 - 2014-08-15 15:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 12:08 - 2012-02-26 19:53 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-15 11:48 - 2014-08-14 19:22 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-08-15 11:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-08-15 11:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Program Files\DIFX
2014-08-09 16:59 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-08-06 22:06 - 2014-08-15 08:15 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 08:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 17:09 - 2008-03-18 00:13 - 00068471 _____ () C:\Users\Owner\Desktop\Cover Letter Template.dotx
2014-08-05 17:08 - 2014-08-05 17:08 - 00048188 _____ () C:\Users\Owner\Downloads\Cover Letter Template.zip
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 19:41 - 2014-08-15 08:16 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 08:17 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 08:05

==================== End Of Log ============================


  • 0

#5
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-27 10:22:55
-----------------------------
10:22:55.176    OS Version: Windows x64 6.1.7601 Service Pack 1
10:22:55.176    Number of processors: 4 586 0x100
10:22:55.176    ComputerName: OWNER-HP  UserName: Owner
10:22:56.720    Initialize success
10:22:56.720    VM: initialized successfully
10:22:56.736    VM: Amd CPU supported virtualizedSuspended
10:23:00.247    VM: supported disk I/O storport.sys
10:23:03.773    AVAST engine defs: 14082700
10:24:18.993    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
10:24:18.993    Disk 0 Vendor: ST310005 HP64 Size: 953869MB BusType: 11
10:24:19.133    Disk 0 MBR read successfully
10:24:19.133    Disk 0 MBR scan
10:24:19.133    Disk 0 Windows 7 default MBR code
10:24:19.149    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:24:19.164    Disk 0 default boot code
10:24:19.180    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       936557 MB offset 206848
10:24:19.211    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17210 MB offset 1918275584
10:24:19.258    Disk 0 scanning C:\Windows\system32\drivers
10:24:29.523    Service scanning
10:24:45.404    Modules scanning
10:24:45.404    Disk 0 trace - called modules:
10:24:45.435    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:24:45.435    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007785060]
10:24:45.451    3 CLASSPNP.SYS[fffff8800191943f] -> nt!IofCallDriver -> [0xfffffa80074cb040]
10:24:45.451    5 amd_xata.sys[fffff88000e9c8f7] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80074c79c0]
10:24:46.621    AVAST engine scan C:\
13:06:44.664    Scan finished successfully
13:47:25.335    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\New folder\MBR.dat"
13:47:25.335    The log file has been saved successfully to "C:\Users\Owner\Desktop\New folder\aswMBR.txt"

 


  • 0

#6
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts


Hello carol1019s, thank you for the logs you provided.

Step 1

FRST Fix
If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   4.15KB   82 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Step 2

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the adwcleaner.pngAdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

For your next post I would like to see:

aswmbr log
fixlog.txt
AdwCleaner[R0].txt.


  • 1

#7
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by Owner at 2014-08-28 10:16:42 Run:1
Running from C:\Users\Owner\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=906266600&ir=
SearchScopes: HKLM - {09971cee-01b8-42bc-9d91-456b1faad6be} URL =
SearchScopes: HKCU - {09971cee-01b8-42bc-9d91-456b1faad6be} URL =
SearchScopes: HKCU - {0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {4DA729A4-684A-4034-A45B-6D56CEAAE92B} -  No File
Toolbar: HKCU - No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Owner\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (Bebo Media Ltd)
C:\Users\Owner\AppData\Local\ext_offermosquito
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2013-12-19]
C:\Program Files (x86)\LessTabs
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2013-12-19]
C:\Program Files (x86)\Coupons.com CouponBar
CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\Owner\AppData\Local\Temp\ccex.crx [2013-12-19]
S2 Update ClearThink; "C:\Program Files (x86)\ClearThink\updateClearThink.exe" [X]
C:\Program Files (x86)\ClearThink
S0 CoEYThOp; System32\drivers\CoEYThOp.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
Task: {01ACB253-0795-48F6-B0D1-1135D5FF01C0} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe
<==== ATTENTION
Task: {174DA027-CEF1-4EFC-91F4-CB5B04086F5E} - System32\Tasks\MySearchDial => C:\Users\Owner\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {5E32A351-0279-49DA-8BD8-7D5B778F1DC6} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Owner\AppData\Roaming\MySearchDial\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
C:\Users\Owner\AppData\Roaming\DataMgr
C:\Users\Owner\AppData\Local\omesuperv.exe
C:\Users\Owner\AppData\Roaming\SCheck
C:\Users\Owner\AppData\Roaming\ShopAtHome
C:\Users\Owner\AppData\Roaming\SSync
reboot:
end
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key deleted successfully.
"HKCR\CLSID\{09971cee-01b8-42bc-9d91-456b1faad6be}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2}" => Key deleted successfully.
"HKCR\CLSID\{0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
"HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key deleted successfully.
"HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => value deleted successfully.
"HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4DA729A4-684A-4034-A45B-6D56CEAAE92B} => value deleted successfully.
"HKCR\CLSID\{4DA729A4-684A-4034-A45B-6D56CEAAE92B}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => value deleted successfully.
"HKCR\CLSID\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value deleted successfully.
"HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => Key not found.
"HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper" => Key deleted successfully.
C:\Users\Owner\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll => Moved successfully.
C:\Users\Owner\AppData\Local\ext_offermosquito => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cekmkdkefndbeciggfanobcemjnppbbb" => Key deleted successfully.
"C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx" => File/Directory not found.
"C:\Program Files (x86)\LessTabs" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => Key deleted successfully.
"C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
"C:\Program Files (x86)\Coupons.com CouponBar" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eijoglodfkeicibboibphapnoahoaapi" => Key deleted successfully.
"C:\Users\Owner\AppData\Local\Temp\ccex.crx" => File/Directory not found.
Update ClearThink => Service deleted successfully.
"C:\Program Files (x86)\ClearThink" => File/Directory not found.
CoEYThOp => Service deleted successfully.
hlnfd => Service deleted successfully.
qknfd => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01ACB253-0795-48F6-B0D1-1135D5FF01C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01ACB253-0795-48F6-B0D1-1135D5FF01C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
<==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{174DA027-CEF1-4EFC-91F4-CB5B04086F5E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174DA027-CEF1-4EFC-91F4-CB5B04086F5E}" => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E32A351-0279-49DA-8BD8-7D5B778F1DC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E32A351-0279-49DA-8BD8-7D5B778F1DC6}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\Software\Classes\exefile" => Key deleted successfully.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========

C:\Users\Owner\AppData\Roaming\DataMgr => Moved successfully.
C:\Users\Owner\AppData\Local\omesuperv.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\SCheck => Moved successfully.
"C:\Users\Owner\AppData\Roaming\ShopAtHome" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\SSync => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====


  • 0

#8
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-27 10:22:55
-----------------------------
10:22:55.176    OS Version: Windows x64 6.1.7601 Service Pack 1
10:22:55.176    Number of processors: 4 586 0x100
10:22:55.176    ComputerName: OWNER-HP  UserName: Owner
10:22:56.720    Initialize success
10:22:56.720    VM: initialized successfully
10:22:56.736    VM: Amd CPU supported virtualizedSuspended
10:23:00.247    VM: supported disk I/O storport.sys
10:23:03.773    AVAST engine defs: 14082700
10:24:18.993    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
10:24:18.993    Disk 0 Vendor: ST310005 HP64 Size: 953869MB BusType: 11
10:24:19.133    Disk 0 MBR read successfully
10:24:19.133    Disk 0 MBR scan
10:24:19.133    Disk 0 Windows 7 default MBR code
10:24:19.149    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:24:19.164    Disk 0 default boot code
10:24:19.180    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       936557 MB offset 206848
10:24:19.211    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17210 MB offset 1918275584
10:24:19.258    Disk 0 scanning C:\Windows\system32\drivers
10:24:29.523    Service scanning
10:24:45.404    Modules scanning
10:24:45.404    Disk 0 trace - called modules:
10:24:45.435    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:24:45.435    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007785060]
10:24:45.451    3 CLASSPNP.SYS[fffff8800191943f] -> nt!IofCallDriver -> [0xfffffa80074cb040]
10:24:45.451    5 amd_xata.sys[fffff88000e9c8f7] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80074c79c0]
10:24:46.621    AVAST engine scan C:\
13:06:44.664    Scan finished successfully
13:47:25.335    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\New folder\MBR.dat"
13:47:25.335    The log file has been saved successfully to "C:\Users\Owner\Desktop\New folder\aswMBR.txt"

 


  • 0

#9
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

# AdwCleaner v3.308 - Report created 28/08/2014 at 10:29:03
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\New folder\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\alotserviceruntime.log
File Found : C:\END
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Babylon
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\goforfiles
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Found : C:\Program Files (x86)\MyFunCards_5m
Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Owner\AppData\Local\Babylon
Folder Found : C:\Users\Owner\AppData\Local\Conduit
Folder Found : C:\Users\Owner\AppData\Local\DefineExt
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito
Folder Found : C:\Users\Owner\AppData\Local\PackageAware
Folder Found : C:\Users\Owner\AppData\Local\visi_coupon
Folder Found : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Found : C:\Users\Owner\AppData\Roaming\Babylon
Folder Found : C:\Users\Owner\AppData\Roaming\Common\LuaRT
Folder Found : C:\Users\Owner\AppData\Roaming\goforfiles
Folder Found : C:\Users\Owner\AppData\Roaming\Intermediate
Folder Found : C:\Users\Owner\AppData\Roaming\OfferMosquito

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\iWon
Key Found : HKCU\Software\AppDataLow\Software\MyFunCards_5m
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\OfferMosquito
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\Protector
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\BABSOLUTION
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\mysearchdial
Key Found : [x64] HKCU\Software\OfferMosquito
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : [x64] HKCU\Software\Protector
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2956691
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\DefaultTab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\ImInstaller
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_fotosketcher_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_fotosketcher_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\MyFunCards_5m
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2ittass.default\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [17249 octets] - [28/08/2014 10:29:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17310 octets] ##########
 


  • 0

#10
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Avast anti virus program does not seem to be running.. the icon is not down by the clock

although it does apear under services tab


Edited by carol1019s, 28 August 2014 - 09:02 AM.

  • 0

Advertisements


#11
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi Carol, we will take a look at avast once we have finished with the clean and see what is going on there.

ok I have checked the ADWcleaner log and there is nothing unexpected in there so I would like you do perform the following please.

Re-run AdwCleaner

Close all open windows and browsers.

  • Double click the adwcleaner.pngAdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the adwcleaner.pngAdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

It will ask to reboot. Let it do so.


Then
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by right-clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Then

Please run FRST/FRST64 again from your Deskop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

Items for your next post:

  • Adwcleaner Log
  • JRT Log
  • Frst Log

  • 0

#12
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

# AdwCleaner v3.308 - Report created 28/08/2014 at 15:10:56
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\New folder\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\MyFunCards_5m
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Owner\AppData\Local\Babylon
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\DefineExt
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Common\LuaRT
Folder Deleted : C:\Users\Owner\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Owner\AppData\Roaming\Intermediate
Folder Deleted : C:\Users\Owner\AppData\Roaming\OfferMosquito
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\alotservice_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2956691
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_fotosketcher_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_fotosketcher_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\OfferMosquito
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\MyFunCards_5m
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\DefaultTab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\MyFunCards_5m
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2ittass.default\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [17659 octets] - [28/08/2014 10:29:03]
AdwCleaner[R1].txt - [17582 octets] - [28/08/2014 15:09:13]
AdwCleaner[S0].txt - [16746 octets] - [28/08/2014 15:10:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16807 octets] ##########
 


  • 0

#13
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 08/28/2014 at 15:16:21.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3178A392-8963-471E-B7A2-969CB58D6496}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mycleanpc"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{007E75C0-CB73-4A71-B32D-AF913222AA20}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/28/2014 at 15:25:11.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#14
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Owner (administrator) on OWNER-HP on 28-08-2014 15:51:41
Running from C:\Users\Owner\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-05] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.ya...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.ya...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com...t&type=avastbcl
SearchScopes: HKLM - {0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.ya...p={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {ADFB592F-6E43-4F96-AA8F-ABF90378EA9C} URL = http://search.yahoo....petb&type=10885
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2ittass.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-07]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-03-17]
CHR Extension: (Share with Facebook, Twitter, Google+, Email) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
CHR Extension: (Facebook Share Button (by Shareaholic)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
CHR HKCU\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Owner\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]
CHR HKLM-x32\...\Chrome\Extension: [iigplimlmgilpobjilfbfeilnpiigpgl] - C:\Users\Owner\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; No ImagePath
U4 Messenger; No ImagePath
U0 SR; No ImagePath
U2 srservice; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 1512CEEDC3657082F396A0818528B5E8
C:\Windows\System32\DRIVERS\atikmpag.sys 3D00276750E2D6F35228E12868CF1A46
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\amd_sata.sys 352476C98EF3952563A14F767491BBA9
C:\Windows\System32\drivers\amd_xata.sys F4805C309FE48D6939147FE5CCDB1AD4
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys D95E64416A4A3ED6986E0F474DA934BD
C:\Windows\system32\drivers\aswMonFlt.sys FF1E537A3632CBB9A0BF72B9FD0878D5
C:\Windows\system32\drivers\aswRdr2.sys A5757DE5F9C83AB40667A53D5126EA40
C:\Windows\System32\Drivers\aswRvrt.sys 645D97385F3F284FB5604F9B970F4D24
C:\Windows\system32\drivers\aswSnx.sys B8FDEDE963B82CFD23B3A53A3084666D
C:\Windows\system32\drivers\aswSP.sys 0DEDC041DF594AEC2C3BD00417CFAF60
C:\Windows\system32\drivers\aswStm.sys 48DED912CDE54FC0923B9858512366E1
C:\Windows\System32\Drivers\aswVmm.sys 471A311745848B80339436688A8286E6
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btwampfl.sys A0DFB69ADE3444C78B17636FCF28E898
C:\Windows\System32\drivers\btwaudio.sys 7CF028CE78696882B327FF13D2DFA534
C:\Windows\System32\drivers\btwavdt.sys 3DEF2370E414B4E299673558BA171A51
C:\Windows\System32\DRIVERS\btwl2cap.sys 346B4051B3D7FF70E8F027869B8ECA6E
C:\Windows\System32\DRIVERS\btwrchid.sys 9937E0E4DFC0030560A6DFE9D3A94B39
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 91ED47813243B455E2D81115A8255F0E
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\system32\drivers\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 15:25 - 2014-08-28 15:25 - 00002281 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-08-28 15:16 - 2014-08-28 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 15:07 - 2014-08-28 15:07 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-08-28 11:08 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-28 11:07 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-28 11:07 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-28 11:07 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-28 11:07 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-28 11:07 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-28 11:07 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-28 11:07 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-28 11:07 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-28 11:07 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-28 11:07 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-28 11:07 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-28 11:07 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-28 11:07 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-28 11:07 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-28 11:07 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-28 11:07 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-28 11:07 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-28 11:06 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-28 11:05 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-28 11:05 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-28 11:05 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-28 11:05 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-28 11:05 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-28 11:05 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-28 11:04 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-28 11:04 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-28 11:04 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-28 11:04 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-28 10:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-28 10:28 - 2014-08-28 15:11 - 00000000 ____D () C:\AdwCleaner
2014-08-27 10:14 - 2014-08-28 15:51 - 00000000 ____D () C:\FRST
2014-08-27 10:09 - 2014-08-28 15:51 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-08-26 12:43 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Users\Owner\Desktop\anti virus
2014-08-26 12:23 - 2014-08-26 12:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-26 12:22 - 2014-08-26 12:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-23 09:29 - 2014-08-23 09:29 - 00000127 _____ () C:\Users\Owner\Documents\HP TouchSmart Calendar.ics
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-16 18:47 - 2014-08-26 07:23 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-08-16 18:47 - 2014-08-25 12:46 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-08-15 19:32 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 19:32 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 19:32 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 19:32 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 19:32 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 19:32 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 19:31 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 19:31 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 18:59 - 2014-08-15 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\lptmp1240585286
2014-08-15 18:46 - 2014-08-28 15:12 - 00001400 _____ () C:\Windows\setupact.log
2014-08-15 18:46 - 2014-08-28 15:11 - 00010650 _____ () C:\Windows\PFRO.log
2014-08-15 18:46 - 2014-08-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 15:34 - 2014-08-15 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 15:34 - 2014-08-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 15:22 - 2014-08-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-15 15:21 - 2014-08-22 16:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-15 15:21 - 2014-08-15 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-15 15:21 - 2014-08-15 15:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-15 15:21 - 2014-08-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-15 15:18 - 2014-08-15 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-15 15:14 - 2014-08-15 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 15:05 - 2014-08-15 15:05 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 15:05 - 2014-08-15 15:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 08:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 08:17 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 08:17 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 08:17 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 08:17 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 08:17 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 08:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 08:17 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 08:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 08:17 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 08:17 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 08:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 08:17 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 08:17 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 08:17 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 08:17 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 08:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 08:17 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 08:17 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 08:17 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 08:17 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 08:17 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 08:17 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 08:17 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 08:17 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 08:17 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 08:17 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 08:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 08:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 08:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 08:17 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 08:16 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 08:16 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 08:16 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 08:16 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 08:16 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 08:16 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 08:16 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 08:16 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 08:16 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 08:16 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 08:16 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 08:16 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 08:16 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 08:16 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 08:16 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 08:16 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 08:16 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 08:16 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 08:16 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 08:16 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 08:16 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 08:16 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 08:16 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 08:16 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 08:16 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 08:16 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 08:16 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 08:16 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 08:16 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 08:16 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 08:16 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 08:16 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 08:16 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 08:16 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 08:16 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 08:16 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 08:16 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 08:16 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 08:16 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 08:15 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 08:15 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 08:15 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 08:15 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:22 - 2014-08-15 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-08-14 19:22 - 2014-08-15 11:48 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Program Files\DIFX
2014-08-14 19:21 - 2014-08-15 22:10 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-14 19:21 - 2014-08-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-14 19:20 - 2014-08-15 22:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-02 06:53 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 06:53 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 06:53 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 06:53 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 06:53 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 06:53 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 06:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 06:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 06:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 06:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 15:51 - 2014-08-27 10:14 - 00000000 ____D () C:\FRST
2014-08-28 15:51 - 2014-08-27 10:09 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-08-28 15:42 - 2012-03-28 17:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 15:40 - 2012-02-26 22:04 - 01821184 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 15:37 - 2013-06-27 14:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 15:35 - 2012-03-11 04:42 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-08-28 15:25 - 2014-08-28 15:25 - 00002281 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-08-28 15:19 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 15:19 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 15:16 - 2014-08-28 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 15:14 - 2013-06-28 12:46 - 00000000 ____D () C:\Program Files (x86)\ATTSplusPCMT
2014-08-28 15:12 - 2014-08-15 18:46 - 00001400 _____ () C:\Windows\setupact.log
2014-08-28 15:12 - 2012-03-28 17:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 15:12 - 2011-12-27 22:52 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-28 15:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 15:11 - 2014-08-28 10:28 - 00000000 ____D () C:\AdwCleaner
2014-08-28 15:11 - 2014-08-15 18:46 - 00010650 _____ () C:\Windows\PFRO.log
2014-08-28 15:10 - 2013-11-02 13:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Common
2014-08-28 15:07 - 2014-08-28 15:07 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-08-28 13:10 - 2014-06-12 10:05 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA.job
2014-08-28 11:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 11:17 - 2009-07-14 00:45 - 04997648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 11:10 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-28 11:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-28 11:07 - 2012-08-31 16:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-28 10:57 - 2012-02-26 19:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{679BB6E4-F269-4F83-943C-BCEEAC16DC82}
2014-08-28 10:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-28 10:37 - 2014-03-08 16:45 - 00000000 ____D () C:\Users\Owner\Downloads\kaleidoscope2-1
2014-08-28 10:18 - 2014-02-18 07:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 10:16 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-28 10:10 - 2014-06-12 10:05 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core.job
2014-08-26 15:28 - 2013-07-25 07:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-26 15:28 - 2013-07-25 07:08 - 00000000 ____D () C:\Program Files (x86)\MixiDJ_V45
2014-08-26 12:43 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 12:31 - 2014-08-26 12:31 - 00000000 ____D () C:\Users\Owner\Desktop\anti virus
2014-08-26 12:23 - 2014-08-26 12:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-26 12:23 - 2014-08-26 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-26 12:23 - 2012-04-03 16:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-26 12:22 - 2012-10-25 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-26 07:23 - 2014-08-16 18:47 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-08-25 12:46 - 2014-08-16 18:47 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-08-25 12:45 - 2012-04-23 09:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-25 12:45 - 2012-02-27 10:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-24 09:32 - 2013-06-28 11:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2014-08-23 09:29 - 2014-08-23 09:29 - 00000127 _____ () C:\Users\Owner\Documents\HP TouchSmart Calendar.ics
2014-08-23 09:19 - 2014-01-06 14:07 - 00000000 ____D () C:\Windows\pss
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-22 16:32 - 2014-08-15 15:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-20 13:06 - 2014-03-16 12:50 - 00002106 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 13:50 - 2012-02-26 19:15 - 00132264 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 13:39 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew
2014-08-15 22:12 - 2011-12-27 22:49 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-08-15 22:12 - 2011-12-27 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP TouchSmart
2014-08-15 22:10 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-08-15 22:10 - 2014-08-14 19:21 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 22:10 - 2014-08-14 19:21 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 22:10 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 21:32 - 2012-02-26 22:04 - 00000000 ____D () C:\Users\Owner
2014-08-15 19:40 - 2013-07-26 19:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 19:36 - 2012-02-27 09:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 19:31 - 2014-05-06 18:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 19:19 - 2013-08-13 09:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-15 19:19 - 2012-02-29 12:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-15 19:14 - 2012-04-25 14:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-15 19:09 - 2013-08-27 08:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-15 19:01 - 2012-02-27 09:28 - 00000000 ____D () C:\Program Files (x86)\Webroot
2014-08-15 18:59 - 2014-08-15 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\lptmp1240585286
2014-08-15 18:46 - 2014-08-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 15:34 - 2014-08-15 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 15:34 - 2014-08-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 15:22 - 2014-08-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-15 15:21 - 2014-08-15 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-15 15:21 - 2014-08-15 15:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-15 15:21 - 2014-08-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-15 15:18 - 2014-08-15 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-15 15:18 - 2014-08-15 15:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 15:07 - 2012-08-24 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 15:07 - 2012-02-28 08:27 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
2014-08-15 15:07 - 2011-02-11 13:00 - 00000000 ____D () C:\Windows\Panther
2014-08-15 15:05 - 2014-08-15 15:05 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 15:05 - 2014-08-15 15:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 12:08 - 2012-02-26 19:53 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-15 11:48 - 2014-08-14 19:22 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-08-15 11:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-08-15 11:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Program Files\DIFX
2014-08-09 16:59 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-08-06 22:06 - 2014-08-15 08:15 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 08:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 17:09 - 2008-03-18 00:13 - 00068471 _____ () C:\Users\Owner\Desktop\Cover Letter Template.dotx
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-31 19:41 - 2014-08-15 08:16 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-15 08:17 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 16:42

==================== End Of Log ============================


  • 0

#15
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hello again Carol, you have done great so far and things are looking pretty good.
We have one more fixlist to run to remove a couple of files and replace the avast icon in the start menu(all going to plan), then clean up some temporary files before we take a look at your avast using security check to see if it all went ok.

Once this is all done we can move on to mopping up any stragglers and on to removing our tools.

Step 1

FRST Fix
If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached fixlist.txt and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • The computer will reboot after this step.

Step 2

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

  • Please right click TFC.exe tfc.png and select Run as Administrator.. (Note: If you are running on XP, just double click the file.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 3


Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click securitycheck.png SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

How is it looking now?

Can you kindly post:

FRST fixlog

Security Check log


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP