Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

eset found many files [Solved]


  • This topic is locked This topic is locked

#31
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

I think it restored back just a few hrs before it happened.. i was trying to install Acronis a backup program.. anyway i see windows has a backup program built in that seems to function fine.. so i'll use that after.. the reason i think this restore point is fairly new is.. i had just deleted some of the tools we used from the desktop.. but windows put them back on from the trash..

 

Sorry for this


  • 0

Advertisements


#32
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Carol it is no problem whatsoever. I think the best thing we can do is do an FRST scan again and get a full list and see what has been put back if anything.
 
Please run FRST again and we can see what is going on now.
 
 Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.
[list]

  • Right click frst.png to run as administrator. When the tool opens click Yes to the disclaimer.
  • Ensure that the following are ticked as in the image below

    Drivers MD5
    Addition.txt

    frst-addition.png
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

ps sorry for the delay, I thought I posted this yesterday at work. I wrote it and got waylaid and just found it in my auto saved content.


  • 0

#33
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-02 10:10:32
Running from C:\Users\Owner\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Advanced JPEG Compressor 2012 (HKLM-x32\...\Advanced JPEG Compressor_is1) (Version: 2012 - WinSoftMagic Inc.)
AMD APP SDK Runtime (Version: 2.5.732.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.60914.1136 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
AT&T Support Plus PC Maintenance Toolbox (HKLM-x32\...\AT&T Support Plus PC Maintenance Toolbox) (Version: 2.4.0.1 - Sutherland Global Services Inc.,)
AT&T Support Plus PC Maintenance Toolbox (x32 Version: 2.4.0.1 - Sutherland Global Services Inc.,) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.0908.1354.23115 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.0908.1355.23115 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.24 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\{02A5C383-FE94-3B52-9627-CE70B9301A0F}) (Version: 65.143.49253 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9452 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Imagic Photo (HKLM-x32\...\Imagic Photo8.0) (Version: 8.0 - Imagic Photo)
Imagic Photo (HKLM-x32\...\Imagic Photo8.2) (Version: 8.2 - Imagic Photo)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Single Image 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - IncrediMail) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart Photo Editor (HKLM-x32\...\SmartPhotoEditor1_is1) (Version: 1.19 - Anthropics Technology Ltd.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Works version 3.2 (HKLM-x32\...\{839CA7E5-5956-487D-8138-682907C5D576}_is1) (Version: 3.2 - Cybia)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Ulead Particle.Plugin 1.0 (HKLM-x32\...\Ulead Particle.Plugin 1.0) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4193904827-2178084348-2157540247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe No File

==================== Restore Points  =========================

20-08-2014 21:52:50 Windows Update
21-08-2014 22:13:22 Windows Update
22-08-2014 21:32:59 Windows Update
23-08-2014 12:32:03 Windows Update
23-08-2014 12:35:39 Windows Update
28-08-2014 14:45:55 Windows Live Essentials
28-08-2014 14:46:30 WLSetup
28-08-2014 15:05:05 Windows Update
28-08-2014 15:12:47 Removed Windows Live Mesh ActiveX Control for Remote Connections
29-08-2014 22:08:50 Windows Update
31-08-2014 13:06:28 avast! antivirus system restore point
31-08-2014 13:55:35 Windows Backup
02-09-2014 10:53:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B6D1489-432D-44EE-8216-1628617BE4C3} - System32\Tasks\{2CD1B2D6-0AD5-440C-85DB-21ECE3CFB726} => C:\Program Files (x86)\Corel\Corel Painter Essentials 4\Corel Painter Essentials.exe
Task: {0F02E627-AFC9-4CFD-9553-88257DB069E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {13D3EE52-3010-423C-AC30-30C4558E272E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-15] (AVAST Software)
Task: {22A3AE18-B707-4BB5-B61E-9E1A200E43AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {32A46F02-2C91-4365-858C-7AD7F2CDB037} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4BB97DE3-3D40-4DE9-9E4D-AA5CC0B3AA29} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {4E38D589-5ACA-49B4-B347-E3244763BEC2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {5023DD0E-9C43-4398-8A60-9415DA679955} - System32\Tasks\HPCeeScheduleForOwner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {5D2D28E5-8338-45B3-A2CB-D6C9C3787500} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-07-04] ()
Task: {79BC2793-71DE-4E37-98EF-3E51EE238C8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7F727CBA-0D72-4C05-B279-0E71A11AC93B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B7F76DDE-C5C2-45E3-A1B8-609DEB58A844} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {BE9C4103-8047-4ADB-ABBF-E1F40BE99EA9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CDA6F18D-9956-470B-A56B-31C2259AB8EC} - System32\Tasks\RunSplusUI => C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe [2014-08-20] ()
Task: {E6C9C77C-B4A5-49AD-B9D7-0B71A98FADFF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-12] (Facebook Inc.)
Task: {FC37B9E7-F368-498F-946E-6EB73A60A306} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA.job => C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2013-01-11 12:16 - 2014-08-20 10:34 - 10190936 _____ () C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-01 15:32 - 2014-09-01 15:32 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll
2014-09-02 06:49 - 2014-09-02 06:49 - 02807296 _____ () C:\Program Files\AVAST Software\Avast\defs\14090200\algo.dll
2013-01-11 12:17 - 2014-08-17 07:26 - 02719536 _____ () C:\Program Files (x86)\ATTSplusPCMT\scanby.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-08-29 07:46 - 2014-08-26 00:06 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.24\libglesv2.dll
2014-08-29 07:46 - 2014-08-26 00:06 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.24\libegl.dll
2014-08-29 07:46 - 2014-08-26 00:06 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.24\pdf.dll
2014-08-29 07:46 - 2014-08-26 00:06 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.24\ffmpegsumo.dll
2014-08-29 07:46 - 2014-08-26 00:06 - 14879560 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.24\PepperFlash\pepflashplayer.dll
2014-08-26 12:22 - 2014-07-17 01:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 07:57:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2014 07:57:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2014 06:54:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (09/01/2014 06:54:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (09/01/2014 06:49:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/31/2014 11:23:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/31/2014 09:57:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/31/2014 09:57:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/31/2014 09:44:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (08/31/2014 09:29:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.


System errors:
=============
Error: (09/01/2014 11:09:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (08/31/2014 09:31:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Acronis Scheduler2 Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (08/31/2014 09:06:44 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d73\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy11\Users\default\ntuser.dat

Error: (08/29/2014 01:53:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:47:45 PM on ‎8/‎29/‎2014 was unexpected.

Error: (08/28/2014 03:40:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/02/2014 07:57:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Owner\Desktop\anti virus\esetsmartinstaller_enu.exe

Error: (09/02/2014 07:57:06 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/02/2014 06:54:30 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000

Error: (09/01/2014 06:54:40 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000

Error: (09/01/2014 06:49:55 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000

Error: (08/31/2014 11:23:48 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000

Error: (08/31/2014 09:57:41 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestJ:\anti virus\esetsmartinstaller_enu.exe

Error: (08/31/2014 09:57:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000

Error: (08/31/2014 09:44:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000

Error: (08/31/2014 09:29:44 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: 16000000000944000009440000980B0000


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon™ HD Graphics
Percentage of memory in use: 19%
Total physical RAM: 7666.85 MB
Available physical RAM: 6134.7 MB
Total Pagefile: 19165.03 MB
Available Pagefile: 16767.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.61 GB) (Free:832.02 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.81 GB) (Free:2.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E3972C5F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#34
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Owner (administrator) on OWNER-HP on 02-09-2014 10:09:53
Running from C:\Users\Owner\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\ATTSplusPCMT\SPLUS_UI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4193904827-2178084348-2157540247-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.ya...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.ya...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com...t&type=avastbcl
SearchScopes: HKLM - {0C1C81D1-8189-4912-A3D9-D4BFDBDF98B2} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.ya...p={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {ADFB592F-6E43-4F96-AA8F-ABF90378EA9C} URL = http://search.yahoo....petb&type=10885
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: HKLM-x32 {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.co...upldr-2k-xp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2ittass.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-07]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-19]
CHR Extension: (AddThis - Share & Bookmark (new)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2014-03-17]
CHR Extension: (Share with Facebook, Twitter, Google+, Email) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhmhnomplgoidnkjdacpmpccmaplnmk [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-19]
CHR Extension: (Facebook Share Button (by Shareaholic)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnkijcihjiopdcfliikldphgdjadekf [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; No ImagePath
U4 Messenger; No ImagePath
U0 SR; No ImagePath
U2 srservice; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 1512CEEDC3657082F396A0818528B5E8
C:\Windows\System32\DRIVERS\atikmpag.sys 3D00276750E2D6F35228E12868CF1A46
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\amd_sata.sys 352476C98EF3952563A14F767491BBA9
C:\Windows\System32\drivers\amd_xata.sys F4805C309FE48D6939147FE5CCDB1AD4
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys D95E64416A4A3ED6986E0F474DA934BD
C:\Windows\system32\drivers\aswMonFlt.sys FF1E537A3632CBB9A0BF72B9FD0878D5
C:\Windows\system32\drivers\aswRdr2.sys A5757DE5F9C83AB40667A53D5126EA40
C:\Windows\System32\Drivers\aswRvrt.sys 645D97385F3F284FB5604F9B970F4D24
C:\Windows\system32\drivers\aswSnx.sys B8FDEDE963B82CFD23B3A53A3084666D
C:\Windows\system32\drivers\aswSP.sys 0DEDC041DF594AEC2C3BD00417CFAF60
C:\Windows\system32\drivers\aswStm.sys 48DED912CDE54FC0923B9858512366E1
C:\Windows\System32\Drivers\aswVmm.sys 471A311745848B80339436688A8286E6
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btwampfl.sys A0DFB69ADE3444C78B17636FCF28E898
C:\Windows\System32\drivers\btwaudio.sys 7CF028CE78696882B327FF13D2DFA534
C:\Windows\System32\drivers\btwavdt.sys 3DEF2370E414B4E299673558BA171A51
C:\Windows\System32\DRIVERS\btwl2cap.sys 346B4051B3D7FF70E8F027869B8ECA6E
C:\Windows\System32\DRIVERS\btwrchid.sys 9937E0E4DFC0030560A6DFE9D3A94B39
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 91ED47813243B455E2D81115A8255F0E
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\system32\drivers\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 11:18 - 2014-08-31 11:18 - 01470068 _____ () C:\Users\Owner\Downloads\IMG_0788.MOV
2014-08-31 09:31 - 2014-08-31 09:31 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-08-29 13:38 - 2014-08-29 13:38 - 00854417 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-08-29 13:38 - 2014-08-29 13:38 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-08-29 12:15 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 12:15 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 12:15 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 12:15 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-29 12:15 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-29 12:15 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-29 12:15 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-28 15:25 - 2014-08-28 15:25 - 00002281 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-08-28 15:16 - 2014-08-28 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 15:07 - 2014-08-28 15:07 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-08-28 11:08 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-28 11:07 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-28 11:07 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-28 11:07 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-28 11:07 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-28 11:07 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-28 11:07 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-28 11:07 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-28 11:07 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-28 11:07 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-28 11:07 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-28 11:07 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-28 11:07 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-28 11:07 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-28 11:07 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-28 11:07 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-28 11:05 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-28 11:05 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-28 11:05 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-28 11:05 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-28 11:05 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-28 11:04 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-28 11:04 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-28 11:04 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-28 11:04 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-28 10:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-28 10:28 - 2014-08-28 15:11 - 00000000 ____D () C:\AdwCleaner
2014-08-27 10:14 - 2014-09-02 10:09 - 00000000 ____D () C:\FRST
2014-08-27 10:09 - 2014-09-02 10:09 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-08-26 12:43 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 12:31 - 2014-08-31 13:38 - 00000000 ____D () C:\Users\Owner\Desktop\anti virus
2014-08-26 12:23 - 2014-08-26 12:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-26 12:22 - 2014-08-26 12:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-23 09:29 - 2014-08-23 09:29 - 00000127 _____ () C:\Users\Owner\Documents\HP TouchSmart Calendar.ics
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-16 18:47 - 2014-09-02 06:48 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-08-16 18:47 - 2014-09-01 09:24 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-08-15 19:32 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 19:32 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 19:32 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 19:32 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 19:32 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 19:32 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 19:31 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 19:31 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 18:59 - 2014-08-15 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\lptmp1240585286
2014-08-15 18:46 - 2014-09-02 06:48 - 00001904 _____ () C:\Windows\setupact.log
2014-08-15 18:46 - 2014-08-28 15:11 - 00010650 _____ () C:\Windows\PFRO.log
2014-08-15 18:46 - 2014-08-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 15:34 - 2014-08-15 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 15:34 - 2014-08-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 15:22 - 2014-08-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-15 15:21 - 2014-09-01 15:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-15 15:21 - 2014-08-31 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-15 15:21 - 2014-08-15 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-15 15:21 - 2014-08-15 15:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-15 15:18 - 2014-08-15 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-15 15:14 - 2014-08-15 15:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 15:05 - 2014-08-15 15:05 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 15:05 - 2014-08-15 15:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 08:17 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 08:17 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 08:17 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 08:17 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 08:17 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 08:17 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 08:17 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 08:17 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 08:17 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 08:17 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 08:17 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 08:17 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 08:17 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 08:17 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 08:17 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 08:17 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 08:17 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 08:17 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 08:17 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 08:17 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 08:17 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 08:17 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 08:17 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 08:17 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 08:17 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 08:17 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 08:17 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 08:17 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 08:17 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 08:17 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 08:17 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 08:16 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 08:16 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 08:16 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 08:16 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 08:16 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 08:16 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 08:16 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 08:16 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 08:16 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 08:16 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 08:16 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 08:16 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 08:16 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 08:16 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 08:16 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 08:16 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 08:16 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 08:16 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 08:16 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 08:16 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 08:16 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 08:16 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 08:16 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 08:16 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 08:16 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 08:16 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 08:16 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 08:16 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 08:16 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 08:16 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 08:16 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 08:16 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 08:16 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 08:16 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 08:16 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 08:16 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 08:16 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 08:16 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 08:16 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 08:15 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 08:15 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 08:15 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 08:15 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 19:22 - 2014-08-15 22:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-08-14 19:22 - 2014-08-15 11:48 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Program Files\DIFX
2014-08-14 19:21 - 2014-08-15 22:10 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-14 19:21 - 2014-08-15 22:10 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-14 19:20 - 2014-08-15 22:10 - 00000000 ____D () C:\ProgramData\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 10:10 - 2014-06-12 10:05 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000UA.job
2014-09-02 10:10 - 2014-06-12 10:05 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4193904827-2178084348-2157540247-1000Core.job
2014-09-02 10:09 - 2014-08-27 10:14 - 00000000 ____D () C:\FRST
2014-09-02 10:09 - 2014-08-27 10:09 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-09-02 10:06 - 2012-02-26 22:04 - 01541533 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 09:42 - 2012-03-28 17:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-02 09:39 - 2012-02-26 19:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{679BB6E4-F269-4F83-943C-BCEEAC16DC82}
2014-09-02 09:37 - 2013-06-27 14:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 09:35 - 2012-03-11 04:42 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-09-02 09:21 - 2012-03-28 17:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 06:57 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 06:57 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 06:49 - 2013-06-28 12:46 - 00000000 ____D () C:\Program Files (x86)\ATTSplusPCMT
2014-09-02 06:48 - 2014-08-16 18:47 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-09-02 06:48 - 2014-08-15 18:46 - 00001904 _____ () C:\Windows\setupact.log
2014-09-02 06:48 - 2011-12-27 22:52 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-02 06:48 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 15:32 - 2014-08-15 15:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-01 09:24 - 2014-08-16 18:47 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner
2014-09-01 09:24 - 2012-02-27 10:20 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-01 09:23 - 2012-04-23 09:21 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-31 13:38 - 2014-08-26 12:31 - 00000000 ____D () C:\Users\Owner\Desktop\anti virus
2014-08-31 13:38 - 2014-08-15 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-31 13:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-31 11:18 - 2014-08-31 11:18 - 01470068 _____ () C:\Users\Owner\Downloads\IMG_0788.MOV
2014-08-31 09:39 - 2012-02-26 22:04 - 00000000 ____D () C:\Users\Owner
2014-08-31 09:31 - 2014-08-31 09:31 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-08-31 09:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-31 07:08 - 2009-07-14 00:45 - 05001120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:38 - 2014-08-29 13:38 - 00854417 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-08-29 13:38 - 2014-08-29 13:38 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-08-29 07:46 - 2014-03-16 12:50 - 00002106 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-28 15:25 - 2014-08-28 15:25 - 00002281 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-08-28 15:16 - 2014-08-28 15:16 - 00000000 ____D () C:\Windows\ERUNT
2014-08-28 15:11 - 2014-08-28 10:28 - 00000000 ____D () C:\AdwCleaner
2014-08-28 15:11 - 2014-08-15 18:46 - 00010650 _____ () C:\Windows\PFRO.log
2014-08-28 15:10 - 2013-11-02 13:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Common
2014-08-28 15:07 - 2014-08-28 15:07 - 01016261 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2014-08-28 11:10 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-28 11:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-28 11:07 - 2012-08-31 16:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-28 10:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-28 10:37 - 2014-03-08 16:45 - 00000000 ____D () C:\Users\Owner\Downloads\kaleidoscope2-1
2014-08-28 10:18 - 2014-02-18 07:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-28 10:16 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-26 15:28 - 2013-07-25 07:08 - 00000000 ____D () C:\Users\Owner\AppData\Local\CRE
2014-08-26 15:28 - 2013-07-25 07:08 - 00000000 ____D () C:\Program Files (x86)\MixiDJ_V45
2014-08-26 12:43 - 2014-08-26 12:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-26 12:23 - 2014-08-26 12:23 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-08-26 12:23 - 2014-08-26 12:23 - 00000000 ____D () C:\ProgramData\Mozilla
2014-08-26 12:23 - 2014-08-26 12:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-26 12:23 - 2012-04-03 16:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-08-26 12:22 - 2012-10-25 17:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-24 09:32 - 2013-06-28 11:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2014-08-23 09:29 - 2014-08-23 09:29 - 00000127 _____ () C:\Users\Owner\Documents\HP TouchSmart Calendar.ics
2014-08-23 09:19 - 2014-01-06 14:07 - 00000000 ____D () C:\Windows\pss
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-08-23 09:12 - 2014-08-23 09:12 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-22 22:07 - 2014-08-29 12:15 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-29 12:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-29 12:15 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 13:50 - 2012-02-26 19:15 - 00132264 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-18 13:39 - 2010-11-21 03:16 - 00000000 ____D () C:\Windows\ShellNew
2014-08-15 22:12 - 2011-12-27 22:49 - 00000000 ____D () C:\ProgramData\TouchSmartData
2014-08-15 22:12 - 2011-12-27 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP TouchSmart
2014-08-15 22:10 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Garmin
2014-08-15 22:10 - 2014-08-14 19:21 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 22:10 - 2014-08-14 19:21 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 22:10 - 2014-08-14 19:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 19:40 - 2013-07-26 19:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 19:36 - 2012-02-27 09:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 19:31 - 2014-05-06 18:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 19:19 - 2013-08-13 09:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-15 19:19 - 2012-02-29 12:44 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-15 19:14 - 2012-04-25 14:09 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-15 19:09 - 2013-08-27 08:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-15 19:01 - 2012-02-27 09:28 - 00000000 ____D () C:\Program Files (x86)\Webroot
2014-08-15 18:59 - 2014-08-15 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Local\lptmp1240585286
2014-08-15 18:46 - 2014-08-15 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 15:34 - 2014-08-15 15:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-15 15:34 - 2014-08-15 15:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-15 15:34 - 2014-08-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 15:22 - 2014-08-15 15:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-08-15 15:21 - 2014-08-15 15:21 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-15 15:21 - 2014-08-15 15:21 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-15 15:21 - 2014-08-15 15:21 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-15 15:21 - 2014-08-15 15:21 - 00001974 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-15 15:18 - 2014-08-15 15:18 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-15 15:18 - 2014-08-15 15:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 15:07 - 2012-08-24 17:43 - 00000000 ____D () C:\Windows\Minidump
2014-08-15 15:07 - 2012-02-28 08:27 - 00000000 ___DC () C:\Users\Owner\AppData\Local\MigWiz
2014-08-15 15:07 - 2011-02-11 13:00 - 00000000 ____D () C:\Windows\Panther
2014-08-15 15:05 - 2014-08-15 15:05 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-15 15:05 - 2014-08-15 15:05 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-15 15:05 - 2014-08-15 15:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-15 12:08 - 2012-02-26 19:53 - 00000000 ____D () C:\ProgramData\Recovery
2014-08-15 11:48 - 2014-08-14 19:22 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-08-15 11:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Garmin
2014-08-14 19:22 - 2014-08-14 19:22 - 00000000 ____D () C:\Program Files\DIFX
2014-08-09 16:59 - 2014-06-12 10:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Facebook
2014-08-06 22:06 - 2014-08-15 08:15 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 08:15 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 17:09 - 2008-03-18 00:13 - 00068471 _____ () C:\Users\Owner\Desktop\Cover Letter Template.dotx
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 16:42

==================== End Of Log ============================


  • 0

#35
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Congratulations Carol, you have done really well and all is looking good with your machine. It doesn't look like any problems have been caused.

I would like you to perform the following steps to make sure your computer is really clean, then we can move on to closing:


Step 1

Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
    MBAM1_zps65d773c0.png
  • If an update is found, it will download and install the latest updates automatically:
    MBAM2_zps52e3211b.png
  • Now select the Settings tab, and check the box next to Scan for rootkits:
    MBAM3_zps83324155.png
  • Go back to the Dashboard tab, and click the Scan Now button:
    MBAM4_zpse3cd4a79.png
  • The scan may take some time to finish,so please be patient.
    MBAM5_zps36d7537b.png
  • When the scan is complete, it will show you the results. (This one is clean):
    MBAM65_zpsb0aa143c.png
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
    MBAM7_zps782405f0.png
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
    MBAM9_zps1f87702b.png
  • Choose the latest Scan Log, and click on the View button:
    MBAM10_zps5a48f689.png
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
    MBAM8_zpsad402941.png
  • Copy & Paste the entire contents of the report log in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.


Step 2

Please run a free online scan with the ESET Online Scanner

  • Click Run Eset Online Scanner

Runscan.png


Note: You will need to use Internet Explorer or Firefox (You will be prompted to install a helper program if you use firefox)for this scan.
Important: Please disable your existing AV software for the duration of the scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Enable detection of potentially unwanted applications is checked
  • Next click on Advanced Settings and select:

eset-selections.png

  • Make sure that the option Remove found threats is NOT checked
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

eset-selections.png

  • Click Start, the virus database will update, this may take a while depending on your internet connection.
  • Once updated, the online scan will begin. (This scan can take several hours, so please be patient)
  • Once the scan is completed, click Finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#36
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/2/2014
Scan Time: 3:05:55 PM
Logfile: fix.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.02.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326533
Time Elapsed: 15 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.Blekko, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1be04434-6b9f-48c8-8675-94c640d5b293}, Quarantined, [4e4be2e725564bebeb1c4a3508fa2ad6],
PUP.Optional.Blekko, HKU\S-1-5-21-4193904827-2178084348-2157540247-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1BE04434-6B9F-48C8-8675-94C640D5B293}, Quarantined, [4e4be2e725564bebeb1c4a3508fa2ad6],
PUP.Optional.Blekko, HKU\S-1-5-21-4193904827-2178084348-2157540247-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1BE04434-6B9F-48C8-8675-94C640D5B293}, Quarantined, [4e4be2e725564bebeb1c4a3508fa2ad6],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [f3a64287abd089ad056a740b3fc38080],
PUP.Optional.Highlightly, HKLM\SOFTWARE\WOW6432NODE\Highlightly, Quarantined, [a9f0eddc7b00ce683be990bcc63ee917],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE, Quarantined, [a0f9b7123d3e6ec8055804138f748a76],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [8e0b96332754979fef3324ff679c50b0],
PUP.Optional.InfoAxe.A, HKU\S-1-5-21-4193904827-2178084348-2157540247-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INFOAXE\infoaxeToolbar, Quarantined, [a1f8af1a0d6e72c48b1b739a877c0ef2],

Registry Values: 1
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\QUIKNOWLEDGE|ie-ver, 11.0.9600.16518, Quarantined, [a0f9b7123d3e6ec8055804138f748a76]

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-4193904827-2178084348-2157540247-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowSearch, 0, Good: (1), Bad: (0),Replaced,[40590bbe5a21ab8bc24ec224669e3dc3]

Folders: 3
PUP.Optional.MixiDJToolbar.A, C:\Program Files (x86)\MIXIDJ_V45, Quarantined, [1f7aecdd59220234b51e418507fbf907],
PUP.Optional.MixiDJToolbar.A, C:\Users\Owner\AppData\LocalLow\MIXIDJ_V45, Quarantined, [d5c4d6f3e49753e32191d6f243bf3ac6],
PUP.Optional.MixiDJToolbar.A, C:\Users\Owner\AppData\LocalLow\MIXIDJ_V45\Logs, Quarantined, [d5c4d6f3e49753e32191d6f243bf3ac6],

Files: 4
PUP.Optional.MixiDJToolbar.A, C:\Program Files (x86)\MixiDJ_V45\GottenAppsContextMenu.xml, Quarantined, [1f7aecdd59220234b51e418507fbf907],
PUP.Optional.MixiDJToolbar.A, C:\Program Files (x86)\MixiDJ_V45\OtherAppsContextMenu.xml, Quarantined, [1f7aecdd59220234b51e418507fbf907],
PUP.Optional.MixiDJToolbar.A, C:\Program Files (x86)\MixiDJ_V45\SharedAppsContextMenu.xml, Quarantined, [1f7aecdd59220234b51e418507fbf907],
PUP.Optional.MixiDJToolbar.A, C:\Program Files (x86)\MixiDJ_V45\ToolbarContextMenu.xml, Quarantined, [1f7aecdd59220234b51e418507fbf907],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#37
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=722c21681359904ba8a223d333d828fe
# engine=19850
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-26 07:29:40
# local_time=2014-08-26 03:29:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 28103 4358065 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 160624830 0 0
# scanned=268436
# found=20
# cleaned=18
# scan_time=9806
sh=F3E87891BBF759E953D6A1E0F6872B2F1A0FEF3E ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter potentially unwanted application" ac=I fn="C:\Users\All Users\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll"
sh=C67AADB8DC7B70FA1E6B28D3CCF2BEBEB4BA01C8 ft=1 fh=3e4c721b85cb7d65 vn="a variant of Win32/ExpressDownloader.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\GoforFiles\uninstall.exe"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\MixiDJ_V45\hktbMixi.dll"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrstub.dll"
sh=2E4ED7E54AA884C4B245FA6CA293070EF36ECAFC ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PhotoFriendzy_82 Chrome Extension\bar\[email protected]"
sh=F3E87891BBF759E953D6A1E0F6872B2F1A0FEF3E ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter potentially unwanted application (deleted - quarantined)" ac=C fn="C:\ProgramData\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll"
sh=4907ADEB74AA33DDAD164B84BC26F26D1C703E24 ft=1 fh=9c8f5f5a896f0190 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Carol\Local Settings\Temp\ApnStub.exe"
sh=6846A2F81389B7C2A61509D795CE6B6B16E7297F ft=1 fh=1a23ae1e279c7a5f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Carol\Local Settings\Temp\ASKCC.tmp"
sh=2A7A34747C399CA81099B5F242F18770AE15F9B1 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\AppData\Local\CRE\iigplimlmgilpobjilfbfeilnpiigpgl.crx"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe"
sh=0D6B144C5F386D53A8489E8434D8DE597BF4EC20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}\chrome\serif_photoplus.jar"
sh=8592AE1EA19834BD55EA95B86E99722DAF8FCE41 ft=1 fh=729c37a8e7cd74b0 vn="a variant of Win32/InstallCore.QC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\CCleaner_Setup.exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\ccsetup416 (1).exe"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\ccsetup416.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Owner\Downloads\cc_setup.exe"
sh=A60CABC4FF3C3DE2B104D824693043F7479ED2D4 ft=1 fh=737fc4443e90df1a vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI4C8F.tmp"
sh=DC3C29A963871A9FF0613FFEC4FC39AB04760924 ft=1 fh=aa8756f8c51680cf vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSIBEA0.tmp"
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=722c21681359904ba8a223d333d828fe
# engine=19966
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-02 10:08:58
# local_time=2014-09-02 06:08:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 4972423 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 161239188 0 0
# scanned=268604
# found=1
# cleaned=0
# scan_time=9551
sh=985AE5B998513B7D9C2749DF15CAE7C04C3BDC9E ft=1 fh=2f9831d32275f6eb vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
 


  • 0

#38
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

All looking good Carol.

There are a couple of folders that need removing using FRST again as ESET didn't clear them and then I think we will do one more adwcleaner run and and can move on to cleaning up the mess we have made lol :D

First...

FRST Fix
If FRST.exe/FRST64.exe is not on your desktop, please download Farbar Recovery Scan Tool and save it to your desktop.

  • Download the attached Attached File  fixlist.txt   75bytes   34 downloads and save it to your desktop <<< very important - it must be in the same location as FRST.exe/FRST64.exe
  • Right click frst.png and run as administrator. When the tool opens click Yes to the disclaimer.
  • Press the Fix button.
  • It will produce a log called fixlog.txt on your Desktop.
  • Please copy and paste the contents of that log back here.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 


  • 0

#39
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Owner at 2014-09-03 10:49:17 Run:3
Running from C:\Users\Owner\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Users\All Users\Fighters
C:\Users\All Users\Tarma Installer
end
*****************

"C:\Users\All Users\Fighters" => File/Directory not found.
"C:\Users\All Users\Tarma Installer" => File/Directory not found.

==== End of Fixlog ====


  • 0

#40
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

# AdwCleaner v3.309 - Report created 03/09/2014 at 10:56:11
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-HP
# Running from : C:\Users\Owner\Desktop\New folder\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Windows Genuine Advantage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d2ittass.default\prefs.js ]


-\\ Google Chrome v38.0.2125.24

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [17659 octets] - [28/08/2014 10:29:03]
AdwCleaner[R1].txt - [17582 octets] - [28/08/2014 15:09:13]
AdwCleaner[R2].txt - [1777 octets] - [03/09/2014 10:53:15]
AdwCleaner[S0].txt - [17100 octets] - [28/08/2014 15:10:56]
AdwCleaner[S1].txt - [1593 octets] - [03/09/2014 10:56:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1653 octets] ##########
 


  • 0

Advertisements


#41
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Good news, it looks like your system is now clean. So if you aren't having any problems now we can finish up.

A good workman cleans up after himself so let's now attend to that :D

Tool Removal

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    delfix-select.png
  • Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply



Keep your machine updated

Due to the ever-present tide of malware, it is important to ensure your computer is kept up-to-date to minimize the risk of future infection. An important step is to ensure that automatic updates are enabled.


To enable automatic updates:

Windows 7
To turn on Automatic Updates yourself, follow these steps:

  • Click Start, type Windows update in the search box, and then click Windows Update in the Programs list.
  • In the left pane, click Change settings.
  • Select the option that you want.
  • Under Recommended updates, select the Give me recommended updates the same way I receive important updates or Include recommended updates when downloading, installing, or notifying me about updates check box, and then click OK.

It is recommended to install an anti-malware to help prevent reinfection.
Below are some free ones that can help keep you clean.

Malwarebytes AntiMalware

As you have installed Malwarebytes, I recommend that you keep this program and use it to help you stay clean.

The free version will scan your computer and fix the problems it finds but will not provide real-time protection. You must scan regularly to find any threats.
Consider purchasing the full version for active monitoring of threats.



Update Other Programs

Alongside keeping Windows updated, other programs installed on your computer should also be kept current as they too can introduce security risks.

Filehippo Update Checker will scan your computer for out of date programs and provide download links for the updates. This is worth doing on a regular basis.

Recommended Programs

Web Of Trust is a browser add-on designed to alert the user before interacting with a potentially malicious website. It will highlight green if a site is known to be safe.
Adblock is a firefox browser add-on that blocks annoying banners, pop-ups and video ads.

General Advice

  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Don't open email attachments unless you are expecting them. Even an email from your best friend can be infected, they might not have sent it.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

  • 0

#42
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

# DelFix v10.8 - Logfile created 04/09/2014 at 09:15:51
# Updated 29/07/2014 by Xplode
# Username : Owner - OWNER-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner\Desktop\SecurityCheck.exe
Deleted : C:\Users\Owner\Desktop\TFC.exe
Deleted : C:\Users\Owner\Downloads\adwcleaner_3.309.exe
Deleted : C:\Users\Owner\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1300 [Windows Update | 08/22/2014 21:32:59]
Deleted : RP #1301 [Windows Update | 08/23/2014 12:32:03]
Deleted : RP #1302 [Windows Update | 08/23/2014 12:35:39]
Deleted : RP #1303 [Windows Live Essentials | 08/28/2014 14:45:55]
Deleted : RP #1304 [WLSetup | 08/28/2014 14:46:30]
Deleted : RP #1305 [Windows Update | 08/28/2014 15:05:05]
Deleted : RP #1306 [Removed Windows Live Mesh ActiveX Control for Remote Connections | 08/28/2014 15:12:47]
Deleted : RP #1307 [Windows Update | 08/29/2014 22:08:50]
Deleted : RP #1308 [avast! antivirus system restore point | 08/31/2014 13:06:28]
Deleted : RP #1309 [Windows Backup | 08/31/2014 13:55:35]
Deleted : RP #1310 [Windows Update | 09/02/2014 10:53:24]
Deleted : RP #1311 [avast! antivirus system restore point | 09/02/2014 14:17:49]
Deleted : RP #1313 [Restore Point before Corrupt Patch Registry keys | 09/02/2014 14:33:46]
Deleted : RP #1315 [Restore Point before Microsoft Office Single Image 2010 was removed using Program Install and Uninstall troubleshooter | 09/02/2014 14:34:19]
Deleted : RP #1317 [ Microsoft Office Single Image 2010  | 09/02/2014 14:34:58]

New restore point created !

########## - EOF - ##########
 


  • 0

#43
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

That's great Carol, looks like you are good to go :D

 

Thank you for staying until the end, I realise it takes a while but it makes it all worth it to us :D


  • 0

#44
carol1019s

carol1019s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Thank you for all your help


  • 0

#45
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Absolutely no problem :D


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP