Computer locking up [Solved]



#1
mygrneyedangel (Member)

I have a Dell laptop, and when I try to burn pictures to a CD my computer locks up. It also locks up on other programs. Please help me with this if you can.




#2
DanoNH (Trusted Helper, Malware Removal)

Hello and welcome to Geeks to Go! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  ALL staff here at Geeks To Go are volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes. Also note that multiple-identity PCs (family PCs) can present a different problem; please tell me if your PC has more than one individual’s settings, but continue with the fix.
  • Before we proceed, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.  If you get stuck or have questions, please stop and ask so I can help you.
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, now we can get started...

 

 

Locking up can be a symptom of malware infection, but in all honesty it sounds like a hardware or driver issue.  What I can do for now is review your system for signs of malware.  Once this is ruled out, you might want to proceed to the Operating Systems forum.  Please wait until we are done here before posting in that forum.  :D

 

=======================

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 

  • Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
  • Make sure the Addition.txt check-box is checked.
  • Press the Scan button.
  • It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the contents of both of those logs back here.

 



#3
mygrneyedangel (Member, Topic Starter)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by owner (administrator) on OWNER-PC on 15-09-2014 11:53:29
Running from C:\Users\owner\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\stacsv.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\LiveBoost.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dell) C:\Users\owner\AppData\Local\Apps\2.0\LR3O185D.HJX\EHZAH5QK.DVG\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(Logitech, Inc.) C:\Program Files\SetPoint\SetPoint.exe
() C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
(Local Weather LLC) C:\Users\owner\AppData\Local\WeatherAlerts\WeatherAlerts.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
() C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe
() C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-18] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-05-10] (Synaptics, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3567570486-1457399869-1852187231-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3567570486-1457399869-1852187231-1000\...\Run: [DellSystemDetect] => C:\Users\owner\AppData\Local\Apps\2.0\LR3O185D.HJX\EHZAH5QK.DVG\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\DellSystemDetect.exe [265280 2014-09-14] (Dell)
HKU\S-1-5-21-3567570486-1457399869-1852187231-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3567570486-1457399869-1852187231-1000\...\MountPoints2: {10bbdcef-6a91-11e3-8981-b5f0848fc86e} - F:\menu.exe
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk.disabled
ShortcutTarget: Digital Line Detect.lnk.disabled -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
ShortcutTarget: SetPoint.lnk -> C:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\owner\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: UEAFOverlay -> {F2F31467-B1AC-4df0-AE79-FD5FA085E22B} => C:\Program Files\Fingerprint Reader Suite\farchns.dll (UPEK Inc.)
ShellIconOverlayIdentifiers: UEAFOverlayOpen -> {A3E208F7-0E3A-4182-A7A6-B169D5D691AA} => C:\Program Files\Fingerprint Reader Suite\farchns.dll (UPEK Inc.)
BootExecute: 睄䋀ƒCꙠɐᜄጔᛈኲEꙠɐɬጧautocheck smrgdf C:\Users\owner\AppData\Roaming\iolo\

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:64856;https=127.0.0.1:64856
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...42&ocid=U142DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear....q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...42&ocid=U142DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....20140914-135-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....20140914-135-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....20140914-135-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....40914-135-ie-sm
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.safesear....q={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP21715TA_sp_ie
SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP21715TA_sp_ie
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D77AF922-A106-49EF-9C46-1E2DB71484B0} URL = https://search.yahoo...p={searchTerms}
BHO: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://192.168.1.155...late/WebACS.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.24.0.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 66.232.66.3 208.67.222.222 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370
FF NewTab: hxxp://www.safesear.ch/?type=20140914-135-ff-nt
FF SearchEngineOrder.1: SafeSearch
FF SelectedSearchEngine: Google
FF Homepage: hxxp://dell.msn.com/
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
FF Extension: Like - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] [2014-09-14]
FF Extension: Simple - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] [2014-09-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-01]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-03]
FF HKLM\...\Firefox\Extensions: [{[email protected]}] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\extensions\{[email protected]}
FF HKLM\...\Firefox\Extensions: [{[email protected]}] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\extensions\{[email protected]}

Chrome:
=======
CHR CustomProfile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-09]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-09-11]
CHR Extension: (Services) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-14]
CHR Extension: (RealDownloader) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-09]
CHR Extension: (Simple) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefoganpblmedgjeigepgjfikhhdnnj [2014-09-14]
CHR Extension: (Like) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-09-14]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-09]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-06-06]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-06-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [24576 2006-11-02] (Microsoft Corporation) [File not signed]
S4 AESTFilters; C:\Windows\system32\aestsrv.exe [73728 2007-09-20] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [59392 2008-01-20] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2014-06-02] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [315392 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [315392 2009-04-11] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [334848 2009-04-11] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [758784 2009-04-11] (Microsoft Corporation) [File not signed]
S2 Browser; C:\Windows\System32\browser.dll [81920 2008-01-20] (Microsoft Corporation) [File not signed]
S4 CertPropSvc; C:\Windows\System32\certprop.dll [40448 2009-04-11] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2006-11-02] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [133120 2013-07-07] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [550400 2009-04-11] (Microsoft Corporation) [File not signed]
S3 DFSR; C:\Windows\system32\DFSR.exe [2092544 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [204288 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [86528 2011-03-02] (Microsoft Corporation) [File not signed]
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [175616 2009-04-11] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [134656 2008-01-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [57344 2008-01-20] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [292352 2008-01-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation) [File not signed]
S2 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation) [File not signed]
R2 EMDMgmt; C:\Windows\system32\emdmgmt.dll [564224 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\Windows\System32\wevtsvc.dll [1017856 2009-04-11] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [268800 2009-04-11] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [13312 2008-01-20] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [27648 2006-11-02] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [798208 2013-08-26] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [576512 2009-04-11] (Microsoft Corporation) [File not signed]
R2 hidserv; C:\Windows\system32\hidserv.dll [26112 2009-04-11] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [68096 2008-01-20] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [444928 2013-10-10] (Microsoft Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [74240 2008-01-20] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [200704 2010-02-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
R2 KtmRm; C:\Windows\system32\msdtckrm.dll [344576 2008-01-20] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [125952 2010-09-06] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [160256 2009-06-10] (Microsoft Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [188928 2008-01-20] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [18944 2006-11-02] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [53760 2008-01-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [45056 2008-01-20] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [407552 2009-04-11] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [105984 2008-01-20] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [111616 2008-01-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2009-04-11] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [302592 2009-04-11] (Microsoft Corporation) [File not signed]
S4 Netlogon; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [274432 2008-01-20] (Microsoft Corporation) [File not signed]
R2 netprofm; C:\Windows\System32\netprofm.dll [237056 2008-01-20] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [168448 2008-01-20] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [18432 2008-01-20] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [37888 2008-01-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1502208 2008-01-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [222720 2009-04-11] (Microsoft Corporation) [File not signed]
S4 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
S3 PNRPAutoReg; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\p2psvc.dll [644608 2009-04-11] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [364032 2009-04-11] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [153088 2009-04-11] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [243712 2008-01-20] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2008-01-20] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [262144 2009-04-11] (Microsoft Corporation) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [68608 2008-01-20] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [107008 2009-04-11] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [7680 2006-11-02] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [550400 2009-04-11] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [9728 2011-11-16] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [95232 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [601600 2010-11-04] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [40448 2009-04-11] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [104960 2008-01-20] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\Windows\system32\seclogon.dll [19968 2008-01-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [47104 2008-01-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [84992 2008-01-20] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [288256 2008-01-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) [File not signed]
R2 slsvc; C:\Windows\system32\SLsvc.exe [3408896 2009-04-11] (Microsoft Corporation) [File not signed]
S3 SLUINotify; C:\Windows\system32\SLUINotify.dll [60928 2009-04-11] (Microsoft Corporation) [File not signed]
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2006-11-02] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [128000 2010-08-17] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [155648 2008-01-20] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [116736 2008-01-20] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe [102400 2008-02-15] (IDT, Inc.) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [453120 2009-04-11] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [311808 2009-04-11] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [558080 2009-04-11] (Microsoft Corporation) [File not signed]
R2 TabletInputService; C:\Windows\System32\TabSvc.dll [68096 2006-11-02] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [242688 2009-04-11] (Microsoft Corporation) [File not signed]
S2 TBS; C:\Windows\System32\tbssvc.dll [56320 2008-01-20] (Microsoft Corporation) [File not signed]
R2 TermService; C:\Windows\System32\termsrv.dll [449024 2009-04-11] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [45056 2008-01-20] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [75264 2008-01-20] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [39424 2009-04-11] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2008-01-20] (Microsoft Corporation) [File not signed]
R2 upnphost; C:\Windows\System32\upnphost.dll [259072 2008-01-20] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [29184 2009-04-11] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [385536 2009-04-11] (Microsoft Corporation) [File not signed]
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [97544 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [97544 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [142600 2014-03-25] (CYREN Inc.)
S3 VSS; C:\Windows\system32\vssvc.exe [1055232 2009-04-11] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\Windows\system32\w32time.dll [282624 2009-04-11] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [413696 2009-04-11] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32256 2006-11-02] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [73728 2008-01-20] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\Windows\system32\wdi.dll [73728 2008-01-20] (Microsoft Corporation) [File not signed]
S4 WebClient; C:\Windows\System32\webclnt.dll [199680 2009-04-11] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [146944 2009-10-09] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [62976 2008-01-20] (Microsoft Corporation) [File not signed]
R2 WerSvc; C:\Windows\System32\WerSvc.dll [126976 2009-04-11] (Microsoft Corporation) [File not signed]
S4 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [377344 2011-11-16] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [162304 2009-04-11] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [1181696 2009-10-09] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [513536 2009-07-11] (Microsoft Corporation) [File not signed]
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-18] (Dell Inc.) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [137728 2009-04-11] (Microsoft Corporation) [File not signed]
R3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [896512 2008-01-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [140288 2009-04-11] (Microsoft Corporation) [File not signed]
R2 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [81920 2009-09-30] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [61440 2009-04-11] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation) [File not signed]
R2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2014-05-30] (Microsoft Corporation) [File not signed]
S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-20] (Microsoft Corporation) [File not signed]
S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [44032 2008-01-20] (Microsoft Corporation) [File not signed]
R2 AMP; C:\Windows\system32\Drivers\amp.sys [139528 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1386760 2014-03-25] (CYREN Inc.)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2008-01-20] (Microsoft Corporation) [File not signed]
R3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [179712 2007-05-24] (Broadcom Corporation) [File not signed]
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-18] (Broadcom Corporation)
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2008-01-20] (Microsoft Corporation) [File not signed]
S4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45568 2008-01-20] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] (Brother Industries, Ltd.) [File not signed]
S4 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] (Brother Industries Ltd.) [File not signed]
S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] (Brother Industries Ltd.) [File not signed]
S4 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] (Brother Industries Ltd.) [File not signed]
S4 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2008-01-20] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2009-04-10] (Microsoft Corporation) [File not signed]
S4 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2008-01-20] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14208 2008-01-20] (Microsoft Corporation) [File not signed]
S4 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-04-14] (Microsoft Corporation) [File not signed]
S3 dot4; C:\Windows\System32\DRIVERS\Dot4.sys [131584 2008-01-20] (Microsoft Corporation) [File not signed]
S3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [16384 2008-01-20] (Microsoft Corporation) [File not signed]
S3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [36864 2008-01-20] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2008-01-20] (Microsoft Corporation) [File not signed]
S3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [54144 2011-08-15] (Fengtao Software Inc.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6032.sys [220672 2008-01-20] (Intel Corporation) [File not signed]
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-20] (Intel Corporation) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
S4 ErrDev; C:\Windows\system32\drivers\errdev.sys [6656 2008-01-20] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [136704 2009-04-10] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [142848 2009-04-10] (Microsoft Corporation) [File not signed]
S4 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2008-01-20] (Microsoft Corporation) [File not signed]
R1 FileDisk; C:\Windows\system32\Drivers\FileDisk.sys [9341 2014-07-16] (iolo technologies, LLC (based on original work by Bo Brantén)) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2008-01-20] (Microsoft Corporation) [File not signed]
S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-01-20] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [12800 2012-02-29] (Microsoft Corporation) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [236544 2009-04-10] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [561152 2009-04-10] (Microsoft Corporation) [File not signed]
S4 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] (Microsoft Corporation) [File not signed]
S4 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12800 2009-04-10] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [411648 2010-02-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-20] (Microsoft Corporation) [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [2016256 2008-04-22] (Intel Corporation) [File not signed]
R3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [111616 2008-04-22] (Intel® Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [41472 2008-01-20] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47616 2008-01-20] (Microsoft Corporation) [File not signed]
S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [64512 2008-01-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [100864 2008-01-20] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2008-01-20] (Microsoft Corporation) [File not signed]
S4 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [15872 2008-01-20] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2008-01-20] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [84480 2008-01-20] (Microsoft Corporation) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2008-01-20] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2008-01-20] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2008-01-20] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [64000 2008-01-20] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [114688 2009-04-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [106496 2011-04-29] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [214016 2011-07-06] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [79872 2011-04-29] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2008-01-20] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2008-01-20] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2008-01-20] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2008-01-20] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2008-01-20] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [148480 2009-04-10] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2008-01-20] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2008-01-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [121344 2009-04-10] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [49664 2008-01-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2008-01-20] (Microsoft Corporation) [File not signed]
R1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-04-10] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2008-01-20] (Microsoft Corporation) [File not signed]
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] (N-trig Innovative Technologies) [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2008-01-20] (Microsoft Corporation) [File not signed]
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [235648 2007-12-03] (Creative Technology Ltd.) [File not signed]
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [7424 2007-12-03] (EyePower Games Pte. Ltd.) [File not signed]
R3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [62208 2009-04-10] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2006-11-02] (Microsoft Corporation) [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2006-11-02] (Microsoft Corporation) [File not signed]
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2014-07-16] (Raxco Software, Inc.)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [62976 2008-01-20] (Microsoft Corporation) [File not signed]
S4 Processor; C:\Windows\system32\drivers\processr.sys [40960 2008-01-20] (Microsoft Corporation) [File not signed]
R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2009-04-10] (Microsoft Corporation) [File not signed]
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-20] (Microsoft Corporation) [File not signed]
S3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [2028032 2006-11-02] (ATI Technologies Inc.) [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-20] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2009-04-10] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2009-04-10] (Microsoft Corporation) [File not signed]
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [28256 2014-07-16] (EldoS Corporation)
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [225280 2009-04-10] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-20] (Microsoft Corporation) [File not signed]
S4 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [248832 2008-01-20] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-20] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [180736 2012-05-01] (Microsoft Corporation) [File not signed]
S2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [32256 2007-02-28] (REDC) [File not signed]
R2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [43520 2007-02-28] (REDC) [File not signed]
R2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [37376 2007-02-28] (REDC) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [89088 2009-04-10] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2006-11-02] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] (Microsoft Corporation) [File not signed]
S4 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-20] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [13312 2008-01-20] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2008-01-20] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [11776 2009-04-10] (Microsoft Corporation) [File not signed]
S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] (Microsoft Corporation) [File not signed]
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2009-04-10] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [305152 2011-02-18] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [330752 2008-02-15] (IDT, Inc.) [File not signed]
S3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [9216 2008-01-20] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [30720 2009-12-08] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-20] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-20] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [72192 2009-04-10] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [24064 2013-06-15] (Microsoft Corporation) [File not signed]
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-20] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2009-04-10] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-20] (Microsoft Corporation) [File not signed]
S3 UMPass; C:\Windows\System32\DRIVERS\umpass.sys [7680 2008-01-20] (Microsoft Corporation) [File not signed]
S3 USB-100; C:\Windows\System32\DRIVERS\USB100M.SYS [27519 2001-09-13] (Linksys) [File not signed]
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.) [File not signed]
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [73344 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2013-06-28] (Microsoft Corporation) [File not signed]
S4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2011-05-05] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [197632 2013-06-28] (Microsoft Corporation) [File not signed]
S4 usbohci; C:\Windows\system32\drivers\usbohci.sys [19456 2006-11-02] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-20] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [65536 2009-04-10] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [23552 2011-05-05] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2008-01-20] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-20] (Microsoft Corporation) [File not signed]
S4 ViaC7; C:\Windows\system32\drivers\viac7.sys [41472 2008-01-20] (Microsoft Corporation) [File not signed]
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] (Microsoft Corporation) [File not signed]
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2008-01-20] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [40448 2009-09-30] (Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-20] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation) [File not signed]
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 11:53 - 2014-09-15 11:55 - 00051629 _____ () C:\Users\owner\Downloads\FRST.txt
2014-09-15 11:53 - 2014-09-15 11:53 - 01097728 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-09-15 11:53 - 2014-09-15 11:53 - 00000000 ____D () C:\FRST
2014-09-15 10:24 - 2011-04-21 18:28 - 00233000 _____ (UltraVnc) C:\Users\owner\Desktop\DragonForgeSystems.exe
2014-09-14 22:28 - 2014-09-14 22:28 - 00000000 ____D () C:\Program Files\Intel
2014-09-14 22:26 - 2014-09-14 22:26 - 06976080 _____ (Macrovision Corporation) C:\Users\owner\Downloads\iata_enu.exe
2014-09-14 22:12 - 2014-09-15 11:24 - 00000408 _____ () C:\Windows\system32\iolo.ini
2014-09-14 21:30 - 2014-09-14 21:30 - 00001901 _____ () C:\Users\owner\Downloads\Reset_Windows_Update_Full.bat
2014-09-14 12:45 - 2014-09-14 12:45 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.Performance.RNP.193334147521157254.1.1.Run.exe
2014-09-14 11:38 - 2014-09-14 11:38 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-09-14 11:37 - 2014-09-14 11:42 - 00000000 ____D () C:\Program Files\My Dell
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\Windows\Sun
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Oracle
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-14 11:28 - 2014-09-14 11:27 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-14 11:27 - 2014-09-14 11:27 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-14 11:27 - 2014-09-14 11:27 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-14 11:27 - 2014-09-14 11:27 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-14 11:27 - 2014-09-14 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-14 11:20 - 2014-09-14 11:20 - 00918952 _____ (Oracle Corporation) C:\Users\owner\Downloads\jxpiinstall(1).exe
2014-09-14 11:12 - 2014-09-14 23:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-14 11:01 - 2014-09-14 11:01 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SystemRequirementsLab
2014-09-14 10:58 - 2014-09-14 10:59 - 00004358 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-14 10:56 - 2014-09-14 10:56 - 00918952 _____ (Oracle Corporation) C:\Users\owner\Downloads\jxpiinstall.exe
2014-09-14 10:53 - 2014-09-14 10:53 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-09-14 10:15 - 2014-09-15 10:22 - 00000795 _____ () C:\Windows\setupact.log
2014-09-14 10:15 - 2014-09-14 10:53 - 00000000 ____D () C:\Windows\system32\catroot2.bak
2014-09-14 10:15 - 2014-09-14 10:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 01:11 - 2014-09-14 01:11 - 01439447 _____ () C:\Users\owner\Desktop\Windows6.1-KB971033-x86.MSU
2014-09-14 00:40 - 2014-09-14 11:42 - 00000000 ____D () C:\Program Files\NpackdDetected
2014-09-14 00:05 - 2014-09-14 00:05 - 00001057 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk
2014-09-14 00:05 - 2014-09-14 00:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-14 00:04 - 2014-09-15 00:04 - 00000000 ____D () C:\Users\owner\AppData\Local\Component
2014-09-14 00:04 - 2014-09-14 00:41 - 00000000 ____D () C:\Program Files\Simple
2014-09-14 00:03 - 2014-09-15 11:22 - 00000000 ____D () C:\ProgramData\Npackd
2014-09-14 00:03 - 2014-09-14 00:41 - 00000000 ____D () C:\Program Files\Like
2014-09-14 00:03 - 2014-09-14 00:04 - 00000258 __RSH () C:\Users\owner\ntuser.pol
2014-09-14 00:03 - 2014-09-14 00:03 - 00002004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
2014-09-14 00:03 - 2014-09-14 00:03 - 00000000 ____D () C:\Users\owner\AppData\Local\NSManager
2014-09-14 00:03 - 2014-09-14 00:03 - 00000000 ____D () C:\Program Files\NpackdCL
2014-09-14 00:02 - 2014-09-14 00:46 - 00000000 ____D () C:\Users\owner\AppData\Local\Fast Browser
2014-09-14 00:02 - 2014-09-14 00:02 - 00002038 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-14 00:02 - 2014-09-14 00:02 - 00002008 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2014-09-14 00:02 - 2014-09-14 00:02 - 00002006 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2014-09-14 00:02 - 2014-09-14 00:02 - 00002004 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-14 00:01 - 2014-09-14 00:01 - 00205752 _____ () C:\Users\owner\Downloads\RevoUninstallerSetup.exe
2014-09-13 19:35 - 2014-09-13 19:35 - 00062286 _____ () C:\Windows\system32\sfcdetails.txt
2014-09-13 19:27 - 2014-09-13 19:27 - 00000000 ____D () C:\Users\owner\Documents\Dell Webcam Center
2014-09-13 19:27 - 2014-09-13 19:27 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Creative
2014-09-13 16:12 - 2014-09-13 16:12 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.wu.LB.193334073022312545.1.1.Run.exe
2014-09-11 17:42 - 2014-09-15 09:56 - 00008172 _____ () C:\Windows\PFRO.log
2014-09-11 15:49 - 2014-09-11 03:25 - 04234306 _____ () C:\Users\owner\Desktop\MVI_0492.AVI
2014-09-11 15:13 - 2014-09-11 15:13 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-09-11 15:13 - 2014-09-11 15:13 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-09-11 15:13 - 2014-09-11 15:13 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-09-11 14:50 - 2014-09-11 14:50 - 00001173 _____ () C:\Users\Public\Desktop\FreeMP4TOAVIConverter.lnk
2014-09-11 14:49 - 2014-09-11 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP4 To AVI Converter
2014-09-11 14:49 - 2014-09-11 14:49 - 00000000 ____D () C:\Program Files\convertaudiofree
2014-09-11 14:47 - 2014-09-11 14:47 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(2).exe
2014-09-11 14:46 - 2014-09-15 11:52 - 00000000 ____D () C:\Users\owner\AppData\Local\WeatherAlerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Local\Local_Weather_LLC
2014-09-11 14:45 - 2014-09-11 14:45 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(1).exe
2014-09-11 14:42 - 2014-09-11 14:43 - 02184336 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack(14).EXE
2014-09-11 14:25 - 2014-09-11 14:25 - 02184336 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack(13).EXE
2014-09-11 14:22 - 2014-09-11 14:22 - 02184336 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack(12).EXE
2014-09-11 13:23 - 2014-09-11 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\convertaudiofree
2014-09-11 13:21 - 2014-09-11 13:30 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Systweak
2014-09-11 13:21 - 2013-08-22 18:36 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-09-11 13:19 - 2014-09-11 13:33 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-09-11 13:18 - 2014-09-11 13:18 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890.exe
2014-09-11 13:15 - 2014-09-11 13:15 - 00002252 _____ () C:\Users\owner\Documents\My Movie.wlmp
2014-09-11 12:19 - 2014-02-17 13:41 - 00024384 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe
2014-09-11 12:15 - 2014-09-11 12:15 - 44138496 _____ () C:\Windows\system32\config\software.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 37863424 _____ () C:\Windows\system32\config\components.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 00135168 _____ () C:\Windows\system32\config\default.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-09-11 12:11 - 2014-09-11 12:11 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ProductData
2014-09-11 12:10 - 2014-09-11 12:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-11 12:09 - 2014-09-14 00:16 - 00000000 ____D () C:\Program Files\IObit
2014-09-11 12:09 - 2014-09-13 23:48 - 00000000 ____D () C:\ProgramData\IObit
2014-09-11 12:09 - 2014-09-11 12:09 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-09-11 12:08 - 2014-09-11 12:10 - 00000000 ____D () C:\Users\owner\AppData\Roaming\IObit
2014-09-11 12:01 - 2014-09-11 12:05 - 38662680 _____ (IObit ) C:\Users\owner\Downloads\advanced-systemcare-setup.exe
2014-09-11 08:53 - 2014-09-11 08:53 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.dvd.FISC.933387438927122.1.1.Run.exe
2014-09-10 11:22 - 2014-09-10 11:22 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.WinFileFolder.FISC.933379581893854.4.5.Run.exe
2014-09-10 11:21 - 2014-09-10 11:21 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.Codec.FISC.933379581893854.4.4.Run.exe
2014-09-10 11:18 - 2014-09-10 11:18 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.dvd.FISC.933379581893854.4.3.Run.exe
2014-09-10 11:16 - 2014-09-10 11:16 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.dvd.FISC.933379581893854.4.2.Run.exe
2014-09-10 11:12 - 2014-09-10 11:12 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.FISC.933379581893854.4.1.Run.exe
2014-09-10 11:10 - 2014-09-10 11:10 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.Performance.RNP.933379581893854.5.1.Run.exe
2014-09-10 11:06 - 2014-09-10 11:06 - 00000000 ____D () C:\MATS
2014-09-10 11:04 - 2014-09-10 11:04 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.FISC.933379581893854.2.1.Run.exe
2014-09-10 10:57 - 2014-09-10 10:57 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.wu.LB.4933379542084084.1.1.Run.exe
2014-09-10 08:41 - 2014-09-10 08:41 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-08 16:42 - 2014-09-14 00:41 - 00000000 ____D () C:\Program Files\WebACS
2014-09-08 16:42 - 2014-09-08 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebACS
2014-09-03 12:10 - 2014-09-15 11:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 12:10 - 2014-09-10 08:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-03 12:10 - 2014-09-10 08:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-28 08:59 - 2014-07-16 08:30 - 00028256 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-08-26 10:22 - 2014-08-26 10:22 - 00002807 _____ () C:\Users\owner\Desktop\wp-login.php
2014-08-25 16:19 - 2014-09-15 11:24 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt
2014-08-25 16:14 - 2014-08-28 08:58 - 00001963 _____ () C:\Users\owner\Desktop\System Mechanic Professional.lnk
2014-08-25 16:14 - 2014-08-28 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2014-08-25 16:14 - 2014-08-25 16:14 - 00000000 ____D () C:\Program Files\iolo
2014-08-25 16:14 - 2014-07-16 08:24 - 00118784 _____ (iolo technologies, LLC) C:\Windows\system32\iavlsp.dll
2014-08-25 16:14 - 2014-07-16 08:24 - 00068464 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-08-25 16:14 - 2014-07-16 08:24 - 00009341 _____ (iolo technologies, LLC (based on original work by Bo Brantén)) C:\Windows\system32\Drivers\filedisk.sys
2014-08-25 16:14 - 2014-03-25 15:53 - 01386760 ____R (CYREN Inc.) C:\Windows\system32\Drivers\ampse.sys
2014-08-25 15:10 - 2014-09-11 09:04 - 00000000 ____D () C:\Users\owner\AppData\Roaming\KeePass
2014-08-25 14:25 - 2014-08-26 09:20 - 00000000 ____D () C:\Users\owner\Desktop\keypass
2014-08-25 14:23 - 2014-08-25 14:23 - 02325513 _____ () C:\Users\owner\Downloads\KeePass-2.27.zip
2014-08-24 21:53 - 2014-09-14 00:41 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-08-24 21:53 - 2014-08-24 21:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-24 21:53 - 2014-08-24 21:53 - 00001790 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-24 21:53 - 2014-08-24 21:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Thunderbird
2014-08-24 21:53 - 2014-08-24 21:53 - 00000000 ____D () C:\Users\owner\AppData\Local\Thunderbird
2014-08-24 21:52 - 2014-08-24 21:52 - 26472832 _____ (Mozilla) C:\Users\owner\Downloads\Thunderbird Setup 31.0.exe
2014-08-24 21:36 - 2014-08-24 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\EMCO
2014-08-24 21:34 - 2014-08-24 21:34 - 39893688 _____ (EMCO Software) C:\Users\owner\Downloads\MoveOnBootSetup.exe
2014-08-24 11:51 - 2014-08-24 11:51 - 00077656 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Sony Corporation
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Logitech
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-24 11:48 - 2014-08-24 11:50 - 00000000 ____D () C:\Users\Administrator
2014-08-24 11:48 - 2014-08-24 11:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ioloGovernor
2014-08-24 11:48 - 2014-08-24 11:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\iolo
2014-08-24 11:48 - 2013-06-19 13:08 - 00000000 ____D () C:\Users\Administrator\AppData\LocalGoogle
2014-08-24 11:48 - 2013-06-19 13:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-24 11:48 - 2011-08-17 23:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-08-24 11:48 - 2008-01-20 21:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-24 11:48 - 2008-01-20 21:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-20 03:07 - 2014-06-26 17:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-20 03:07 - 2014-06-26 17:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-20 03:07 - 2014-06-26 17:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-20 03:07 - 2014-06-05 23:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-19 08:45 - 2014-07-24 13:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 08:45 - 2014-07-24 12:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 08:45 - 2014-07-24 12:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 08:45 - 2014-07-24 12:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 08:45 - 2014-07-24 12:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-19 08:45 - 2014-07-24 12:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 08:45 - 2014-07-24 12:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 08:45 - 2014-07-24 12:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 08:45 - 2014-07-24 12:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 08:45 - 2014-07-24 12:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-19 08:45 - 2014-07-24 12:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-19 08:45 - 2014-07-24 12:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-19 08:45 - 2014-07-24 12:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 08:45 - 2014-07-07 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-19 08:45 - 2014-06-13 19:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-19 08:45 - 2014-06-13 19:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-19 08:45 - 2014-06-02 05:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-19 08:45 - 2014-06-02 05:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-19 08:45 - 2014-06-02 05:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-19 08:45 - 2014-06-02 05:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-19 08:45 - 2014-06-02 03:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-19 08:44 - 2014-07-24 12:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 08:44 - 2014-07-24 12:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 08:44 - 2014-07-24 12:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-19 08:44 - 2014-07-24 12:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 08:44 - 2014-07-24 12:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 08:44 - 2014-07-24 12:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 08:44 - 2014-07-24 12:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 08:44 - 2014-07-24 12:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 08:36 - 2014-08-18 08:36 - 11779040 _____ () C:\Users\owner\Downloads\SetupTango.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 11:55 - 2014-09-15 11:53 - 00051629 _____ () C:\Users\owner\Downloads\FRST.txt
2014-09-15 11:53 - 2014-09-15 11:53 - 01097728 _____ (Farbar) C:\Users\owner\Downloads\FRST.exe
2014-09-15 11:53 - 2014-09-15 11:53 - 00000000 ____D () C:\FRST
2014-09-15 11:52 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Local\WeatherAlerts
2014-09-15 11:41 - 2014-09-03 12:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 11:29 - 2006-11-02 05:33 - 00778666 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 11:24 - 2014-09-14 22:12 - 00000408 _____ () C:\Windows\system32\iolo.ini
2014-09-15 11:24 - 2014-08-25 16:19 - 00000392 _____ () C:\Windows\system32\iolo.ini.txt
2014-09-15 11:24 - 2013-12-26 14:27 - 01098778 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 11:22 - 2014-09-14 00:03 - 00000000 ____D () C:\ProgramData\Npackd
2014-09-15 11:22 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 11:22 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 11:22 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 10:37 - 2006-11-02 08:01 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 10:22 - 2014-09-14 10:15 - 00000795 _____ () C:\Windows\setupact.log
2014-09-15 09:57 - 2011-08-17 22:58 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 09:56 - 2014-09-11 17:42 - 00008172 _____ () C:\Windows\PFRO.log
2014-09-15 02:00 - 2011-08-17 23:18 - 00000000 ____D () C:\Users\owner\AppData\Local\Adobe
2014-09-15 00:04 - 2014-09-14 00:04 - 00000000 ____D () C:\Users\owner\AppData\Local\Component
2014-09-14 23:06 - 2014-09-14 11:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-14 23:06 - 2013-12-26 15:49 - 00000000 ____D () C:\Users\owner\AppData\Local\CrashDumps
2014-09-14 22:28 - 2014-09-14 22:28 - 00000000 ____D () C:\Program Files\Intel
2014-09-14 22:28 - 2011-02-16 17:07 - 00000000 ____D () C:\Intel
2014-09-14 22:28 - 2009-03-06 14:55 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-14 22:26 - 2014-09-14 22:26 - 06976080 _____ (Macrovision Corporation) C:\Users\owner\Downloads\iata_enu.exe
2014-09-14 21:30 - 2014-09-14 21:30 - 00001901 _____ () C:\Users\owner\Downloads\Reset_Windows_Update_Full.bat
2014-09-14 12:45 - 2014-09-14 12:45 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.Performance.RNP.193334147521157254.1.1.Run.exe
2014-09-14 12:03 - 2012-04-04 15:05 - 00000000 ____D () C:\Temp
2014-09-14 11:42 - 2014-09-14 11:37 - 00000000 ____D () C:\Program Files\My Dell
2014-09-14 11:42 - 2014-09-14 00:40 - 00000000 ____D () C:\Program Files\NpackdDetected
2014-09-14 11:38 - 2014-09-14 11:38 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-09-14 11:38 - 2011-08-15 22:44 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-09-14 11:38 - 2009-03-06 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-09-14 11:37 - 2009-03-06 15:16 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\Windows\Sun
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Oracle
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-14 11:28 - 2014-09-14 11:28 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-14 11:27 - 2014-09-14 11:28 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-14 11:27 - 2014-09-14 11:27 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-14 11:27 - 2014-09-14 11:27 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-14 11:27 - 2014-09-14 11:27 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-14 11:27 - 2014-09-14 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-14 11:23 - 2012-05-30 13:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 11:20 - 2014-09-14 11:20 - 00918952 _____ (Oracle Corporation) C:\Users\owner\Downloads\jxpiinstall(1).exe
2014-09-14 11:17 - 2009-03-06 14:51 - 00000000 ____D () C:\Program Files\Java
2014-09-14 11:01 - 2014-09-14 11:01 - 00000000 ____D () C:\Users\owner\AppData\Roaming\SystemRequirementsLab
2014-09-14 10:59 - 2014-09-14 10:58 - 00004358 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-14 10:56 - 2014-09-14 10:56 - 00918952 _____ (Oracle Corporation) C:\Users\owner\Downloads\jxpiinstall.exe
2014-09-14 10:53 - 2014-09-14 10:53 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-09-14 10:53 - 2014-09-14 10:15 - 00000000 ____D () C:\Windows\system32\catroot2.bak
2014-09-14 10:16 - 2013-12-22 23:33 - 00000000 ____D () C:\Users\owner\AppData\Local\Deployment
2014-09-14 10:15 - 2014-09-14 10:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 01:11 - 2014-09-14 01:11 - 01439447 _____ () C:\Users\owner\Desktop\Windows6.1-KB971033-x86.MSU
2014-09-14 00:46 - 2014-09-14 00:02 - 00000000 ____D () C:\Users\owner\AppData\Local\Fast Browser
2014-09-14 00:41 - 2014-09-14 00:04 - 00000000 ____D () C:\Program Files\Simple
2014-09-14 00:41 - 2014-09-14 00:03 - 00000000 ____D () C:\Program Files\Like
2014-09-14 00:41 - 2014-09-08 16:42 - 00000000 ____D () C:\Program Files\WebACS
2014-09-14 00:41 - 2014-08-24 21:53 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-14 00:41 - 2014-04-28 23:16 - 00000000 ____D () C:\Program Files\SetPoint
2014-09-14 00:41 - 2014-03-26 14:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 00:41 - 2013-09-17 21:45 - 00000000 ____D () C:\Program Files\DVDFab 9
2014-09-14 00:41 - 2012-09-06 10:02 - 00000000 ____D () C:\Program Files\DVDFab Passkey
2014-09-14 00:41 - 2011-09-24 10:01 - 00000000 ____D () C:\Program Files\DVD Shrink
2014-09-14 00:41 - 2011-09-20 17:04 - 00000000 ____D () C:\Program Files\DVDFab 8 Qt
2014-09-14 00:41 - 2011-08-17 22:29 - 00000000 ____D () C:\Program Files\FeltStars
2014-09-14 00:41 - 2011-08-15 13:50 - 00000000 ____D () C:\Program Files\SPCA1528
2014-09-14 00:41 - 2009-03-06 15:23 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-14 00:41 - 2009-03-06 15:05 - 00000000 ____D () C:\Program Files\Digital Line Detect
2014-09-14 00:41 - 2009-03-06 15:04 - 00000000 ____D () C:\Program Files\NetWaiting
2014-09-14 00:40 - 2014-02-03 16:22 - 00000000 ____D () C:\Program Files\LibreOffice 3.6
2014-09-14 00:40 - 2011-08-15 23:16 - 00000000 ____D () C:\Program Files\QuickTime
2014-09-14 00:40 - 2011-08-15 23:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-09-14 00:40 - 2009-03-06 15:38 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-14 00:40 - 2009-03-06 15:37 - 00000000 ____D () C:\Program Files\Adobe
2014-09-14 00:40 - 2009-03-06 15:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-14 00:40 - 2009-03-06 15:28 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-09-14 00:40 - 2009-03-06 15:04 - 00000000 ____D () C:\Program Files\Modem Diagnostic Tool
2014-09-14 00:40 - 2009-03-06 15:02 - 00000000 ____D () C:\Program Files\Broadcom
2014-09-14 00:37 - 2013-07-17 00:17 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-09-14 00:37 - 2013-07-17 00:17 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2014-09-14 00:37 - 2013-07-17 00:03 - 00000000 ____D () C:\Windows\system32\config\Original
2014-09-14 00:37 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-09-14 00:22 - 2014-01-07 15:56 - 00000000 ____D () C:\Users\owner\AppData\Local\Windows Live
2014-09-14 00:16 - 2014-09-11 12:09 - 00000000 ____D () C:\Program Files\IObit
2014-09-14 00:05 - 2014-09-14 00:05 - 00001057 _____ () C:\Users\owner\Desktop\Revo Uninstaller.lnk
2014-09-14 00:05 - 2014-09-14 00:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-14 00:04 - 2014-09-14 00:03 - 00000258 __RSH () C:\Users\owner\ntuser.pol
2014-09-14 00:04 - 2011-02-16 17:04 - 00000000 ____D () C:\Users\owner
2014-09-14 00:03 - 2014-09-14 00:03 - 00002004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Google Chrome.lnk
2014-09-14 00:03 - 2014-09-14 00:03 - 00000000 ____D () C:\Users\owner\AppData\Local\NSManager
2014-09-14 00:03 - 2014-09-14 00:03 - 00000000 ____D () C:\Program Files\NpackdCL
2014-09-14 00:03 - 2006-11-02 06:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-14 00:02 - 2014-09-14 00:02 - 00002038 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
2014-09-14 00:02 - 2014-09-14 00:02 - 00002008 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
2014-09-14 00:02 - 2014-09-14 00:02 - 00002006 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\YouTube.lnk
2014-09-14 00:02 - 2014-09-14 00:02 - 00002004 _____ () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.lnk
2014-09-14 00:01 - 2014-09-14 00:01 - 00205752 _____ () C:\Users\owner\Downloads\RevoUninstallerSetup.exe
2014-09-13 23:48 - 2014-09-11 12:09 - 00000000 ____D () C:\ProgramData\IObit
2014-09-13 23:16 - 2009-03-06 08:39 - 00000000 ____D () C:\Windows\SDOLD
2014-09-13 19:35 - 2014-09-13 19:35 - 00062286 _____ () C:\Windows\system32\sfcdetails.txt
2014-09-13 19:27 - 2014-09-13 19:27 - 00000000 ____D () C:\Users\owner\Documents\Dell Webcam Center
2014-09-13 19:27 - 2014-09-13 19:27 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Creative
2014-09-13 16:12 - 2014-09-13 16:12 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.wu.LB.193334073022312545.1.1.Run.exe
2014-09-12 23:50 - 2013-12-26 14:10 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 16:24 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\CATROOT2OLD
2014-09-11 15:49 - 2011-02-19 14:23 - 00110080 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-11 15:13 - 2014-09-11 15:13 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-09-11 15:13 - 2014-09-11 15:13 - 00000000 ____D () C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
2014-09-11 15:13 - 2014-09-11 15:13 - 00000000 ____D () C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
2014-09-11 14:50 - 2014-09-11 14:50 - 00001173 _____ () C:\Users\Public\Desktop\FreeMP4TOAVIConverter.lnk
2014-09-11 14:50 - 2014-09-11 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free MP4 To AVI Converter
2014-09-11 14:49 - 2014-09-11 14:49 - 00000000 ____D () C:\Program Files\convertaudiofree
2014-09-11 14:47 - 2014-09-11 14:47 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(2).exe
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Local\Local_Weather_LLC
2014-09-11 14:45 - 2014-09-11 14:45 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(1).exe
2014-09-11 14:43 - 2014-09-11 14:42 - 02184336 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack(14).EXE
2014-09-11 14:25 - 2014-09-11 14:25 - 02184336 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack(13).EXE
2014-09-11 14:22 - 2014-09-11 14:22 - 02184336 _____ (Microsoft Corporation) C:\Users\owner\Downloads\DefaultPack(12).EXE
2014-09-11 13:33 - 2014-09-11 13:19 - 00018872 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-09-11 13:30 - 2014-09-11 13:21 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Systweak
2014-09-11 13:23 - 2014-09-11 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\convertaudiofree
2014-09-11 13:18 - 2014-09-11 13:18 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890.exe
2014-09-11 13:15 - 2014-09-11 13:15 - 00002252 _____ () C:\Users\owner\Documents\My Movie.wlmp
2014-09-11 12:19 - 2014-01-05 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2014-09-11 12:19 - 2008-02-03 18:07 - 00000000 ____D () C:\Windows\Panther
2014-09-11 12:15 - 2014-09-11 12:15 - 44138496 _____ () C:\Windows\system32\config\software.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 37863424 _____ () C:\Windows\system32\config\components.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 00135168 _____ () C:\Windows\system32\config\default.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 00057344 _____ () C:\Windows\system32\config\sam.iobit
2014-09-11 12:15 - 2014-09-11 12:15 - 00028672 _____ () C:\Windows\system32\config\security.iobit
2014-09-11 12:11 - 2014-09-11 12:11 - 00000000 ____D () C:\Users\owner\AppData\Roaming\ProductData
2014-09-11 12:10 - 2014-09-11 12:10 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-11 12:10 - 2014-09-11 12:08 - 00000000 ____D () C:\Users\owner\AppData\Roaming\IObit
2014-09-11 12:10 - 2014-01-16 15:42 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Apple Computer
2014-09-11 12:09 - 2014-09-11 12:09 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-09-11 12:05 - 2014-09-11 12:01 - 38662680 _____ (IObit ) C:\Users\owner\Downloads\advanced-systemcare-setup.exe
2014-09-11 09:04 - 2014-08-25 15:10 - 00000000 ____D () C:\Users\owner\AppData\Roaming\KeePass
2014-09-11 08:53 - 2014-09-11 08:53 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.dvd.FISC.933387438927122.1.1.Run.exe
2014-09-11 03:25 - 2014-09-11 15:49 - 04234306 _____ () C:\Users\owner\Desktop\MVI_0492.AVI
2014-09-10 11:22 - 2014-09-10 11:22 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.WinFileFolder.FISC.933379581893854.4.5.Run.exe
2014-09-10 11:21 - 2014-09-10 11:21 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.Codec.FISC.933379581893854.4.4.Run.exe
2014-09-10 11:18 - 2014-09-10 11:18 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.dvd.FISC.933379581893854.4.3.Run.exe
2014-09-10 11:16 - 2014-09-10 11:16 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.dvd.FISC.933379581893854.4.2.Run.exe
2014-09-10 11:12 - 2014-09-10 11:12 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.FISC.933379581893854.4.1.Run.exe
2014-09-10 11:10 - 2014-09-10 11:10 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.Performance.RNP.933379581893854.5.1.Run.exe
2014-09-10 11:06 - 2014-09-10 11:06 - 00000000 ____D () C:\MATS
2014-09-10 11:04 - 2014-09-10 11:04 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.ProgramInstallUninstall.FISC.933379581893854.2.1.Run.exe
2014-09-10 10:57 - 2014-09-10 10:57 - 00347816 _____ (Microsoft Corporation) C:\Users\owner\Downloads\MicrosoftFixit.wu.LB.4933379542084084.1.1.Run.exe
2014-09-10 08:41 - 2014-09-10 08:41 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-10 08:41 - 2014-09-03 12:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 08:41 - 2014-09-03 12:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-08 16:42 - 2014-09-08 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebACS
2014-09-08 15:43 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-08 15:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-08 15:41 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2014-09-08 15:41 - 2006-11-02 05:22 - 44826624 _____ () C:\Windows\system32\config\software_previous
2014-09-08 15:41 - 2006-11-02 05:22 - 38797312 _____ () C:\Windows\system32\config\components_previous
2014-09-08 15:41 - 2006-11-02 05:22 - 30146560 _____ () C:\Windows\system32\config\system_previous
2014-09-08 15:41 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-08 15:41 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-08 15:41 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-08-28 16:46 - 2014-01-05 16:11 - 00000000 ____D () C:\ProgramData\iolo
2014-08-28 08:58 - 2014-08-25 16:14 - 00001963 _____ () C:\Users\owner\Desktop\System Mechanic Professional.lnk
2014-08-28 08:58 - 2014-08-25 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2014-08-28 08:58 - 2014-07-19 09:15 - 00001975 _____ () C:\Users\owner\Desktop\LiveBoost.lnk
2014-08-26 10:22 - 2014-08-26 10:22 - 00002807 _____ () C:\Users\owner\Desktop\wp-login.php
2014-08-26 09:20 - 2014-08-25 14:25 - 00000000 ____D () C:\Users\owner\Desktop\keypass
2014-08-25 16:14 - 2014-08-25 16:14 - 00000000 ____D () C:\Program Files\iolo
2014-08-25 15:56 - 2012-02-13 14:22 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-25 14:23 - 2014-08-25 14:23 - 02325513 _____ () C:\Users\owner\Downloads\KeePass-2.27.zip
2014-08-24 21:53 - 2014-08-24 21:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-08-24 21:53 - 2014-08-24 21:53 - 00001790 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-08-24 21:53 - 2014-08-24 21:53 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Thunderbird
2014-08-24 21:53 - 2014-08-24 21:53 - 00000000 ____D () C:\Users\owner\AppData\Local\Thunderbird
2014-08-24 21:52 - 2014-08-24 21:52 - 26472832 _____ (Mozilla) C:\Users\owner\Downloads\Thunderbird Setup 31.0.exe
2014-08-24 21:36 - 2014-08-24 21:36 - 00000000 ____D () C:\Users\owner\AppData\Roaming\EMCO
2014-08-24 21:34 - 2014-08-24 21:34 - 39893688 _____ (EMCO Software) C:\Users\owner\Downloads\MoveOnBootSetup.exe
2014-08-24 11:51 - 2014-08-24 11:51 - 00077656 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Sony Corporation
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Logitech
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Dell
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2014-08-24 11:51 - 2014-08-24 11:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-24 11:50 - 2014-08-24 11:48 - 00000000 ____D () C:\Users\Administrator
2014-08-24 11:48 - 2014-08-24 11:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ioloGovernor
2014-08-24 11:48 - 2014-08-24 11:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\iolo
2014-08-23 17:25 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2014-08-23 17:22 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-20 03:13 - 2013-07-18 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-20 03:10 - 2006-11-02 05:24 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-08-20 03:07 - 2013-05-28 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-18 11:31 - 2011-02-16 17:07 - 00000000 ____D () C:\Users\owner\AppData\Local\MediaDirect
2014-08-18 11:31 - 2009-03-06 15:10 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-08-18 11:31 - 2006-11-02 07:37 - 00000000 ____D () C:\Windows\system32\restore
2014-08-18 08:36 - 2014-08-18 08:36 - 11779040 _____ () C:\Users\owner\Downloads\SetupTango.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-15 11:30

==================== End Of Log ============================



#4
mygrneyedangel


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by owner at 2014-09-15 11:56:05
Running from C:\Users\owner\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcadeFrontier (HKCU\...\{4AFCAFDC-D870-41FA-B9FB-1442B9DAFE76}) (Version:  - ArcadeFrontier)
ArcSoft MediaConverter 8 (HKLM\...\{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}) (Version: 8.0.0.21 - ArcSoft)
ArcSoft MediaImpression 2 (HKLM\...\{3D9326E1-E378-48A6-A82B-800147E63306}) (Version: 2.0.50.738 - ArcSoft)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.10.0.8 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 9.1.18.6 - Synaptics)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC) <==== ATTENTION
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD Shrink version 4.1 (HKLM\...\{CE0C52A9-0C1C-4289-875A-8FB81BB9A367}_is1) (Version: 4.1 - DVDShrink)
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.0.7.0 (04/10/2013) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDFab Passkey 8.1.0.4 (04/09/2013) (HKLM\...\DVDFab Passkey 8_is1) (Version:  - Fengtao Software Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
FeltStars (HKCU\...\FeltStars) (Version: 5.0 - )
Fingerprint Reader Suite 5.6 (HKLM\...\{A2289997-10A3-48F2-AA03-99180D761661}) (Version: 5.6.2.3476 - UPEK Inc.)
Free MP4 To AVI Converter (HKLM\...\{40803B44-2D66-4981-83F5-8CEE8193F308}) (Version: 1.0.0 - convertaudiofree)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
iolo technologies' System Mechanic Professional (HKLM\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Laptop Integrated Webcam Driver (1.04.01.1011)   (HKLM\...\Creative OEM002) (Version:  - )
LibreOffice 3.6 (HKLM\...\{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}) (Version: 3.6.3.2 - The Document Foundation)
Like 1.5 (HKLM\...\Like) (Version: 1.5 - Like)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - English (HKLM\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostics Tool (HKLM\...\{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}) (Version: 1.0.22.0 - Dell)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.45 - BVRP Software, Inc)
NpackdCL (HKLM\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PlayMemories Home (HKLM\...\{6F26A633-ACC2-4850-82C5-60A06D606175}) (Version: 3.1.20.06241 - Sony Corporation)
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RabbitTV (HKCU\...\6c2290d276fa0f0d) (Version: 1.0.0.8 - RabbitTV.com)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Simple 1.1 (HKLM\...\Simple) (Version: 1.1 - Simple)
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Mechanic 14 Professional (Version: 14.0.1 - ) Hidden
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
USB2.0 VIDBOX NW03  (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 3.0.2 - honestech)
WebACS 1.0.0.34 (HKLM\...\WebACS_is1) (Version:  - WebACS)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3567570486-1457399869-1852187231-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3567570486-1457399869-1852187231-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\owner\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

14-09-2014 15:57:57 Installed Java 7 Update 67
14-09-2014 16:16:41 Removed Java™ 6 Update 11
14-09-2014 16:17:50 Removed Java 7 Update 67
14-09-2014 16:26:26 Installed Java 7 Update 67
15-09-2014 03:27:43 intel raid drivers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2014-03-27 14:11 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19E8291F-AF38-4630-B825-D55A90FC3474} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1EF218FC-E66F-4C86-B9DB-900813F6C9B7} - \PCDEventLauncher No Task File <==== ATTENTION
Task: {2FFDF796-8C20-46E2-9B28-26CDB006EE40} - System32\Tasks\ArcadeFrontier => C:\Users\owner\AppData\Local\ArcadeFrontier\veragent.exe
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E858BAE-FA26-491B-8B3C-AD0C73118234} - System32\Tasks\AdobeAAMUpdater-1.0-owner-PC-owner => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {4328D5E5-53CC-4867-953D-473E9A273B17} - \RocketTab No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {5F4B8DE8-C38F-4E96-91AA-22A6E1523995} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3567570486-1457399869-1852187231-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {611C9B47-43EC-4491-952F-C32667AE2D45} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6ADE570B-7B5F-464E-B012-6A9816BD6182} - System32\Tasks\NSManager_1410697330 => C:\Users\owner\AppData\Local\NSManager\manager.exe [2014-09-02] ()
Task: {8688801E-0F44-4F0C-B678-DC19640B40C7} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {8851BDEC-EEF1-4E6E-81ED-FB6C74191644} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {89B72F41-570F-4132-9282-80A809A16172} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {8B0B9F4B-E06E-4979-AD63-ED83213AE65A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {9592449E-AF41-41CB-AFE8-D989BA8EB9B8} - \PCDoctorBackgroundMonitorTask-Delay No Task File <==== ATTENTION
Task: {A9E27B94-7E75-49E2-97C6-CC9F272757F4} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: {AE3910EE-1F81-4C05-8856-882CC06401E0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {C853806D-882D-48EA-9BBE-6D50C0A5661F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-17] (Google Inc.)
Task: {D313E2D5-9B88-4C89-A9FF-3AE0A3318497} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-17] (Google Inc.)
Task: {D98DB6FA-73B1-4201-BB77-711A1C68E42F} - \FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl No Task File <==== ATTENTION
Task: {DB3D893C-5164-4F0E-A5C6-33917569DDD2} - \iolo Process Governor No Task File <==== ATTENTION
Task: {E2010B4F-030B-4EAF-AEFB-B82D1ECEAAC3} - System32\Tasks\Component System\Component => C:\Users\owner\AppData\Local\Component\com.exe [2014-09-04] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EAC5A490-4C12-41DA-89C5-35892A0F4F46} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-18] (Dell Inc.)
Task: {FC9F6BF8-0C3A-4B9E-A8A4-3F0458E10B42} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3567570486-1457399869-1852187231-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2009-03-06 14:53 - 2008-12-18 04:58 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-03-06 14:53 - 2008-12-18 04:55 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2003-08-29 04:23 - 2003-08-29 04:23 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
2014-04-28 23:16 - 2009-07-20 12:27 - 00017936 _____ () C:\Program Files\SetPoint\khalwrapper.dll
2014-02-25 12:00 - 2014-02-25 12:00 - 00550952 _____ () C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe
2014-09-14 11:12 - 2014-09-14 11:12 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-25 12:00 - 2014-02-25 12:00 - 00333864 _____ () C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:214562D2
AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: mobilegeni daemon =>

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

System errors:
=============
Error: (09/15/2014 11:39:46 AM) (Source: DCOM) (EventID: 10016) (User: owner-PC)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}owner-PCownerS-1-5-21-3567570486-1457399869-1852187231-1000LocalHost (Using LRPC)

Error: (09/15/2014 11:33:46 AM) (Source: DCOM) (EventID: 10016) (User: owner-PC)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}owner-PCownerS-1-5-21-3567570486-1457399869-1852187231-1000LocalHost (Using LRPC)

Error: (09/15/2014 11:25:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Windows Search6

Error: (09/15/2014 11:25:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/15/2014 11:25:11 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Search%%1056

Error: (09/15/2014 11:24:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Windows Search5

Error: (09/15/2014 11:24:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/15/2014 11:24:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Windows Search4

Error: (09/15/2014 11:24:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Windows Search2147749155 (0x80040D23)

Error: (09/15/2014 11:24:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Windows Search3

Microsoft Office Sessions:
=========================
Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

Error: (09/15/2014 11:56:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -583

CodeIntegrity Errors:
===================================
  Date: 2014-09-13 00:00:22.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:22.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:21.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:21.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:19.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:19.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:18.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-13 00:00:18.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-12 23:52:59.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-12 23:52:59.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz
Percentage of memory in use: 64%
Total physical RAM: 3061.31 MB
Available physical RAM: 1096.56 MB
Total Pagefile: 6330.86 MB
Available Pagefile: 4454.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.36 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:220.29 GB) (Free:78.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=235.4 GB) - (Type=OF Extended)

==================== End Of Log ============================



#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, DanoNH has had to go away, so I will take over until he returns :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\owner\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
ProxyServer: http=127.0.0.1:64856;https=127.0.0.1:64856
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear....q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....20140914-135-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....20140914-135-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....20140914-135-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....40914-135-ie-sm
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.safesear....q={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP21715TA_sp_ie
SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP21715TA_sp_ie
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D77AF922-A106-49EF-9C46-1E2DB71484B0} URL = https://search.yahoo...p={searchTerms}
BHO: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
FF NewTab: hxxp://www.safesear.ch/?type=20140914-135-ff-nt
FF SearchEngineOrder.1: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
FF Extension: Like - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] [2014-09-14]
FF Extension: Simple - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] [2014-09-14]
FF HKLM\...\Firefox\Extensions: [{[email protected]}] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\extensions\{[email protected]}
FF HKLM\...\Firefox\Extensions: [{[email protected]}] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\extensions\{[email protected]}
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-09-11]
CHR Extension: (Services) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-14]
CHR Extension: (Like) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-09-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-11 14:46 - 2014-09-15 11:52 - 00000000 ____D () C:\Users\owner\AppData\Local\WeatherAlerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Local\Local_Weather_LLC
2014-09-11 14:45 - 2014-09-11 14:45 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(1).exe
2014-09-11 13:23 - 2014-09-11 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\convertaudiofree
2014-09-11 13:21 - 2014-09-11 13:30 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Systweak
2014-09-11 13:21 - 2013-08-22 18:36 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
Task: {19E8291F-AF38-4630-B825-D55A90FC3474} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1EF218FC-E66F-4C86-B9DB-900813F6C9B7} - \PCDEventLauncher No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4328D5E5-53CC-4867-953D-473E9A273B17} - \RocketTab No Task File <==== ATTENTION
Task: {8688801E-0F44-4F0C-B678-DC19640B40C7} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {9592449E-AF41-41CB-AFE8-D989BA8EB9B8} - \PCDoctorBackgroundMonitorTask-Delay No Task File <==== ATTENTION
Task: {AE3910EE-1F81-4C05-8856-882CC06401E0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {D98DB6FA-73B1-4201-BB77-711A1C68E42F} - \FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl No Task File <==== ATTENTION
Task: {DB3D893C-5164-4F0E-A5C6-33917569DDD2} - \iolo Process Governor No Task File <==== ATTENTION
C:\Program Files\MyPC Backup
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#6
mygrneyedangel


I am confused. How do I run FRST and then fix?



#7
Essexboy

Open FRST and then press fix... Mayhap I need to reword that bit :)

#8
mygrneyedangel


Do you mean the Farbar Recovery?



#9
Essexboy

Yes that is it


#10
mygrneyedangel


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by owner at 2014-09-16 12:18:38 Run:1
Running from C:\Users\owner\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Users\owner\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
ProxyServer: http=127.0.0.1:64856;https=127.0.0.1:64856
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.safesear....q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....20140914-135-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.safesear....q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesear....20140914-135-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesear....20140914-135-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.safesear....40914-135-ie-sm
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.safesear....q={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP21715TA_sp_ie
SearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...SP21715TA_sp_ie
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D77AF922-A106-49EF-9C46-1E2DB71484B0} URL = https://search.yahoo...p={searchTerms}
BHO: Like -> {2159cb25-ef9a-54c1-b43c-e30d1a4a8277} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
FF NewTab: hxxp://www.safesear.ch/?type=20140914-135-ff-nt
FF SearchEngineOrder.1: SafeSearch
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml
FF Extension: Like - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] [2014-09-14]
FF Extension: Simple - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] [2014-09-14]
FF HKLM\...\Firefox\Extensions: [{[email protected]}] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\extensions\{[email protected]}
FF HKLM\...\Firefox\Extensions: [{[email protected]}] - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\extensions\{[email protected]}
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-09-11]
CHR Extension: (Services) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh [2014-09-14]
CHR Extension: (Like) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf [2014-09-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-09-11 14:46 - 2014-09-15 11:52 - 00000000 ____D () C:\Users\owner\AppData\Local\WeatherAlerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-09-11 14:46 - 2014-09-11 14:46 - 00000000 ____D () C:\Users\owner\AppData\Local\Local_Weather_LLC
2014-09-11 14:45 - 2014-09-11 14:45 - 00699016 _____ (CNET Download.com) C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(1).exe
2014-09-11 13:23 - 2014-09-11 13:23 - 00000000 ____D () C:\Users\owner\AppData\Roaming\convertaudiofree
2014-09-11 13:21 - 2014-09-11 13:30 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Systweak
2014-09-11 13:21 - 2013-08-22 18:36 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
Task: {19E8291F-AF38-4630-B825-D55A90FC3474} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1EF218FC-E66F-4C86-B9DB-900813F6C9B7} - \PCDEventLauncher No Task File <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4328D5E5-53CC-4867-953D-473E9A273B17} - \RocketTab No Task File <==== ATTENTION
Task: {8688801E-0F44-4F0C-B678-DC19640B40C7} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {9592449E-AF41-41CB-AFE8-D989BA8EB9B8} - \PCDoctorBackgroundMonitorTask-Delay No Task File <==== ATTENTION
Task: {AE3910EE-1F81-4C05-8856-882CC06401E0} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
Task: {D98DB6FA-73B1-4201-BB77-711A1C68E42F} - \FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl No Task File <==== ATTENTION
Task: {DB3D893C-5164-4F0E-A5C6-33917569DDD2} - \iolo Process Governor No Task File <==== ATTENTION
C:\Program Files\MyPC Backup
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe => Moved successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\WeatherAlerts.exe => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
"HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
"HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D77AF922-A106-49EF-9C46-1E2DB71484B0}" => Key deleted successfully.
"HKCR\CLSID\{D77AF922-A106-49EF-9C46-1E2DB71484B0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2159cb25-ef9a-54c1-b43c-e30d1a4a8277}" => Key deleted successfully.
"HKCR\CLSID\{2159cb25-ef9a-54c1-b43c-e30d1a4a8277}" => Key deleted successfully.
Firefox newtab deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\user.js => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\safesearch.xml => Moved successfully.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] => Moved successfully.
C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\Extensions\[email protected] => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{[email protected]} => value deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{[email protected]} => value deleted successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd => Moved successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flofdhbohbadcgnolfniillmboolleoh => Moved successfully.
C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpimdkibicpfbooggieeanoolfdfhhf => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.

"C:\Users\owner\AppData\Local\WeatherAlerts" directory move:

C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.config => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\uninstall.exe => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\WAUpdater.exe => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\WAUpdater.exe.config => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config => Moved successfully.
C:\Users\owner\AppData\Local\WeatherAlerts\.Npackd\Uninstall.bat => Moved successfully.
Could not move "C:\Users\owner\AppData\Local\WeatherAlerts" directory. => Scheduled to move on reboot.

C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts => Moved successfully.
C:\Users\owner\AppData\Local\Local_Weather_LLC => Moved successfully.
C:\Users\owner\Downloads\cbsidlm-cbsi213-Free_MP4_to_AVI_Converter-SEO-75925890(1).exe => Moved successfully.
C:\Users\owner\AppData\Roaming\convertaudiofree => Moved successfully.
C:\Users\owner\AppData\Roaming\Systweak => Moved successfully.
C:\Windows\system32\roboot.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19E8291F-AF38-4630-B825-D55A90FC3474}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E8291F-AF38-4630-B825-D55A90FC3474}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EF218FC-E66F-4C86-B9DB-900813F6C9B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EF218FC-E66F-4C86-B9DB-900813F6C9B7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4328D5E5-53CC-4867-953D-473E9A273B17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4328D5E5-53CC-4867-953D-473E9A273B17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8688801E-0F44-4F0C-B678-DC19640B40C7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8688801E-0F44-4F0C-B678-DC19640B40C7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9592449E-AF41-41CB-AFE8-D989BA8EB9B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9592449E-AF41-41CB-AFE8-D989BA8EB9B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask-Delay" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE3910EE-1F81-4C05-8856-882CC06401E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE3910EE-1F81-4C05-8856-882CC06401E0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D98DB6FA-73B1-4201-BB77-711A1C68E42F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D98DB6FA-73B1-4201-BB77-711A1C68E42F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB3D893C-5164-4F0E-A5C6-33917569DDD2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB3D893C-5164-4F0E-A5C6-33917569DDD2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo Process Governor" => Key deleted successfully.
"C:\Program Files\MyPC Backup" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 205.3 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-16 12:36:39)<=

C:\Users\owner\AppData\Local\WeatherAlerts => Is moved successfully.

==== End of Fixlog ====




#11
mygrneyedangel


# AdwCleaner v3.310 - Report created 16/09/2014 at 12:50:37
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\AtuZi
Folder Deleted : C:\Program Files\FastMediaConverter
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\wangzhisong\AppData\Local\Mobogenie
Folder Deleted : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\TelevisionFanatic
File Deleted : C:\Users\owner\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
File Deleted : C:\Users\owner\daemonprocess.txt
File Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
File Deleted : C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DMUninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v32.0.1 (x86 en-US)

[ File : C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\140ox05w.default-1393965298370\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.firstKnownVersion", "6.33.3.42833");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=81D070BC-9F49-4832-BA6F-31EA21C1E197&n=780bf861&p2=^XP^xdm002^YYA^us&si=CKf3sp30kr4CFYqhOgodiX4Am[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.hp.user.defined", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installKeysSource", "Cookies");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2014050401");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm002^YYA^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CKf3sp30kr4CFYqhOgodiX4Amw");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.pixelUrl", "hxxp://download.televisionfanatic.com/install_pixels.jhtml?partner=^XP^xdm002^YYA^us&feature=tv&category=general&tbid=81D07[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "81D070BC-9F49-4832-BA6F-31EA21C1E197");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1404251530037");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastKnownVersion", "6.52.4.4622");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "nascar fox");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.successUrl", "hxxp://download.televisionfanatic.com/installComplete.jhtml");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.toolbarCollapsed", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "57101");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");

-\\ Google Chrome v

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6163 octets] - [16/09/2014 12:45:19]
AdwCleaner[S0].txt - [6169 octets] - [16/09/2014 12:50:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6229 octets] ##########



#12
mygrneyedangel


aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-16 12:58:03
-----------------------------
12:58:03.239    OS Version: Windows 6.0.6002 Service Pack 2
12:58:03.239    Number of processors: 2 586 0x170A
12:58:03.240    ComputerName: OWNER-PC  UserName: owner
12:58:32.922    Initialize success
12:58:32.972    VM: initialized successfully
12:58:32.990    VM: Intel CPU virtualization not supported
13:24:04.720    AVAST engine defs: 14091600
13:24:53.283    The log file has been saved successfully to "C:\Users\owner\Downloads\aswMBR.txt"



#13
Essexboy

What problems are still present? Is it still locking up on programmes?

#14
mygrneyedangel


Yes it is. Also won't do automatic updates, nor Windows Defender updates. Error code Oxc8000247 I believe.



#15
Essexboy

OK, time to do a bit of digging, as this appears to be a Windows problem.


Download Windows All In One Repair from Tweaking.com to your desktop.
Install the programme and run it.

Select Step 4

And run System File Check

Once it has completed, select the settings tab > logs and attach the generated log.


THEN

Download and run Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.