Hi I keep getting an error message in my firefox browser "navigati

navigation cancelled virus firefox

  • This topic is locked

#46
Feather24

  • Topic Starter
  • Member
  • 251 posts

Hi Joe, here are the logs from the FRST scans:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014
Ran by Frances (administrator) on FRANCES-PC on 22-10-2014 18:44:34
Running from C:\Users\Frances\Downloads
Loaded Profile: Frances (Available profiles: Frances)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Sonix) C:\Windows\vsnp2std.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\VisionBoard\visionboardlauncher.exe
(Google) C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Alexander Nikiforov) C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
(Flux Software LLC) C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Farbar) C:\Users\Frances\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe [1841664 2011-09-07] (Alcatel-Lucent)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [visionboard] => C:\Program Files\VisionBoard\visionboardlauncher.exe [1176064 2009-07-11] ()
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [googletalk] => C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [MP3 Skype Recorder] => C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe [1975296 2011-11-18] (Alexander Nikiforov)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [f.lux] => C:\Users\Frances\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frances\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x794BFD452B67CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A79483D2-6796-4059-832A-41A709A2AAE1}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Frances\AppData\Roaming\Mozilla\Firefox\Profiles\53nb3mux.default-1413581714489
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-19]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Frances\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Profile: C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-26]
CHR Extension: (Google Drive) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (YouTube) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Google Search) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (Skype Click to Call) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-26]
CHR Extension: (Gmail) - C:\Users\Frances\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2011-03-29] (Alcatel-Lucent) [File not signed]
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12028032 2007-01-26] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-06-24] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Frances\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 18:44 - 2014-10-22 18:46 - 00018931 _____ () C:\Users\Frances\Downloads\FRST.txt
2014-10-22 18:43 - 2014-10-22 18:44 - 00000000 ____D () C:\FRST
2014-10-22 18:42 - 2014-10-22 18:42 - 01102336 _____ (Farbar) C:\Users\Frances\Downloads\FRST (1).exe
2014-10-22 18:41 - 2014-10-22 18:41 - 01102336 _____ (Farbar) C:\Users\Frances\Downloads\FRST.exe
2014-10-20 07:35 - 2014-10-20 07:35 - 00004837 _____ () C:\Users\Frances\Desktop\ESETSCAN.txt
2014-10-19 23:23 - 2014-10-19 23:23 - 02347384 _____ (ESET) C:\Users\Frances\Downloads\esetsmartinstaller_enu (3).exe
2014-10-18 13:52 - 2014-10-18 13:52 - 02347384 _____ (ESET) C:\Users\Frances\Downloads\esetsmartinstaller_enu (2).exe
2014-10-18 13:41 - 2014-10-18 13:41 - 02347384 _____ (ESET) C:\Users\Frances\Downloads\esetsmartinstaller_enu (1).exe
2014-10-18 12:02 - 2014-10-18 12:02 - 02347384 _____ (ESET) C:\Users\Frances\Downloads\esetsmartinstaller_enu.exe
2014-10-18 11:35 - 2014-10-18 11:35 - 00000822 _____ () C:\Users\Frances\Desktop\JRT.txt
2014-10-18 11:29 - 2014-10-14 12:43 - 01705698 _____ (Thisisu) C:\Users\Frances\Desktop\JRT_NEW.exe
2014-10-18 11:24 - 2014-10-18 11:24 - 01705698 _____ (Thisisu) C:\Users\Frances\Downloads\JRT.exe
2014-10-17 22:35 - 2014-10-17 22:35 - 00000000 ____D () C:\Users\Frances\Desktop\Old Firefox Data
2014-10-15 20:58 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 20:58 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 20:58 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 20:58 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 20:57 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 20:57 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 20:57 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 20:57 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 20:57 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 20:57 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 20:57 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 20:57 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 20:57 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 20:57 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 20:57 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 20:57 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 20:57 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 20:57 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 20:57 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 20:57 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 20:57 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 20:57 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 20:57 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 20:57 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 20:57 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 20:57 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 20:57 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 20:57 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 20:57 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 20:57 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 20:57 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 20:57 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 20:57 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 20:57 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 20:57 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 20:57 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 20:57 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 20:57 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 20:57 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 20:57 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 20:56 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 20:56 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 20:56 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 20:56 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 20:56 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 20:56 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 20:56 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 20:56 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 20:56 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 20:56 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 20:55 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 20:55 - 2014-08-19 03:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 20:55 - 2014-08-19 03:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 20:55 - 2014-08-19 03:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 20:55 - 2014-08-19 03:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 20:55 - 2014-08-19 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 20:55 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 20:55 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 20:55 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 20:55 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 20:55 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 20:55 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 20:55 - 2014-07-07 02:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 20:55 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 20:55 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 20:55 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 20:55 - 2014-07-07 02:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 20:55 - 2014-06-28 01:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 20:55 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 20:55 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-13 10:48 - 2014-10-13 10:48 - 00000000 ____D () C:\_OTL
2014-10-13 10:46 - 2014-10-13 10:46 - 01705755 _____ (Thisisu) C:\Users\Frances\Desktop\JRT.exe
2014-10-13 10:44 - 2014-10-13 10:44 - 01976320 _____ () C:\Users\Frances\Desktop\adwcleaner_4.000.exe
2014-10-11 20:40 - 2014-10-21 10:39 - 00047892 _____ () C:\Users\Frances\Desktop\Extras.Txt
2014-10-11 20:27 - 2014-10-11 20:27 - 00602112 _____ (OldTimer Tools) C:\Users\Frances\Desktop\OTL.exe
2014-10-09 14:11 - 2014-10-09 14:12 - 57605934 _____ () C:\Users\Frances\Desktop\MTM - Dr. Joseph Riggio Interview.zip
2014-10-06 16:31 - 2014-10-06 16:31 - 00000000 ____D () C:\Users\Frances\Documents\New folder (2)
2014-10-06 16:14 - 2014-10-06 16:14 - 00000000 ____D () C:\Program Files\Photoshop 8
2014-10-01 13:28 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 12:14 - 2014-09-29 12:14 - 00000259 _____ () C:\Users\Frances\Desktop\Our careers.URL
2014-09-24 11:02 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:59 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-24 10:59 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-24 10:59 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-24 10:59 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-24 10:59 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-24 10:59 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\system32\locale.nls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-22 18:41 - 2009-07-14 05:34 - 00023568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:41 - 2009-07-14 05:34 - 00023568 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 18:39 - 2010-10-09 15:01 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-22 18:39 - 2010-10-08 20:37 - 01959817 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 18:34 - 2011-11-03 13:04 - 00000000 ___RD () C:\Users\Frances\Dropbox
2014-10-22 18:34 - 2011-11-03 13:00 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\Dropbox
2014-10-22 18:33 - 2014-09-13 20:33 - 00009968 _____ () C:\Windows\setupact.log
2014-10-22 18:33 - 2011-02-27 13:37 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 18:33 - 2010-10-11 16:43 - 00000000 ____D () C:\Users\Frances\AppData\Roaming\Skype
2014-10-22 18:33 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 10:39 - 2014-04-19 17:24 - 00105718 _____ () C:\Users\Frances\Desktop\OTL.Txt
2014-10-20 18:53 - 2011-02-27 13:37 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 18:49 - 2012-04-01 16:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 13:51 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 11:38 - 2009-07-14 05:33 - 00429856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 11:35 - 2014-04-23 10:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 00:36 - 2010-10-31 18:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 00:31 - 2013-07-24 01:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 00:11 - 2010-10-09 10:18 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 21:00 - 2011-02-27 13:38 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-14 18:13 - 2014-09-13 20:32 - 00001648 _____ () C:\Windows\PFRO.log
2014-10-14 18:11 - 2013-08-27 14:48 - 00000000 ____D () C:\AdwCleaner
2014-10-14 17:00 - 2010-11-11 19:48 - 00000000 ____D () C:\Users\Frances\Documents\FinePrint files
2014-10-14 15:55 - 2010-10-11 16:42 - 00000000 ___RD () C:\Program Files\Skype
2014-10-14 15:55 - 2010-10-11 16:42 - 00000000 ____D () C:\ProgramData\Skype
2014-10-13 20:03 - 2010-11-08 16:24 - 00000000 ____D () C:\Users\Frances\Documents\EFT
2014-10-13 11:34 - 2014-09-12 11:26 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 16:32 - 2014-09-12 13:25 - 00000000 ____D () C:\Users\Frances\Documents\EFT Tapping solution STRESS
2014-10-01 15:23 - 2010-10-08 20:39 - 00878182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 16:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-09-26 11:39 - 2012-04-25 17:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-25 11:09 - 2014-09-19 14:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 13:50 - 2012-04-01 16:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 13:50 - 2011-06-29 11:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Frances\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6bm3p4.dll
C:\Users\Frances\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Frances\AppData\Local\temp\Quarantine.exe
C:\Users\Frances\AppData\Local\temp\SkypeSetup.exe
C:\Users\Frances\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-11 15:30
 
==================== End Of Log ============================



#47
Feather24


Addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-10-2014
Ran by Frances at 2014-10-22 18:47:52
Running from C:\Users\Frances\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon Kindle For PC (HKLM\...\Amazon Kindle For PC) (Version:  - Amazon)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft VideoImpression 2 (HKLM\...\{244E21B9-164C-4EC1-AED8-9BD64161E66D}) (Version:  - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{C2E455CE-A952-4711-9505-51A8898B113F}) (Version:  - ArcSoft)
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avery Wizard 3.1 (HKLM\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Belkin Wireless USB Utility (HKLM\...\InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}) (Version: 6.3.2.16 - Belkin)
Belkin Wireless USB Utility (Version: 6.3.2.16 - Belkin) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Citrix Online Launcher (HKLM\...\{A4B72B94-7745-4CA8-A4D6-D8AC2442451C}) (Version: 1.0.153 - Citrix)
DriverUpdate (HKLM\...\{E3B2301A-17BB-441E-B432-FF4DC8549B8A}) (Version: 2.2.36929 - SlimWare Utilities, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Easy Photo Print (HKLM\...\{F19D07BC-6240-49D3-BA5C-59B015DF8916}) (Version: 1.2.2.0 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Image Clip Palette (HKLM\...\{314F6D08-A8B7-11D8-8446-0050BA1D384D}) (Version: 1.02.00 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
ESDX3800 User's Guide (HKLM\...\ESDX3800 User's Guide) (Version:  - )
Evernote v. 5.6.4 (HKLM\...\{DFDF0BE2-2D71-11E4-9454-00163E98E7D6}) (Version: 5.6.4.4632 - Evernote Corp.)
f.lux (HKCU\...\Flux) (Version:  - )
FinePrint (HKLM\...\FinePrint) (Version: 6.15 - FinePrint Software, LLC)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
IAW20 (HKLM\...\IAW20) (Version:  - )
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Communicator 2007 R2 (HKLM\...\{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}) (Version: 3.5.6907.268 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Skype Recorder (HKLM\...\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}) (Version: 3.1.3 - Alexander Nikiforov)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.2 (HKLM\...\{09DF00E6-520C-49D5-B7E0-9612165CACA8}) (Version: 3.2.9502 - OpenOffice.org)
Paint.NET v3.5.8 (HKLM\...\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}) (Version: 3.58.0 - dotPDN LLC)
Pamela Pro 4.7 (HKLM\...\Pamela) (Version: 4.7 - Scendix Software GmbH)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIF DESIGNER (HKLM\...\{B90450DF-E781-46FD-B1F1-0C86DA40E443}) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Trust Webcam Live (HKLM\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19.202_WHQL - Sonix)
TweetDeck (HKLM\...\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1) (Version: 0.38.1 - TweetDeck Inc)
TweetDeck (Version: 0.38.1 - TweetDeck Inc) Hidden
Vision Board 1.31 (HKLM\...\Vision Board) (Version: 1.31 - OrangePeel)
VisionBoard Movie Recorder 1.00 (HKLM\...\VisionBoard Movie Recorder) (Version: 1.00 - OrangePeel)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vocal Remover (HKCU\...\Vocal Remover) (Version:  - Make-Your-Own-Karaoke.com)
Vocal Remover (Version: 1.2.4 - Make-Your-Own-Karaoke.com) Hidden
XNote Stopwatch (HKLM\...\XNote Stopwatch) (Version: 1.67 - dnSoft Research Group)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{10DD084E-A5AE-456F-A3BE-DA67EBE6B090}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{15B6FEE5-5FB3-4071-AC1F-7AEDC0E2A6BB}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{1BCA4635-F1FC-44C8-B829-48229AEB32E3}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{222C0F35-3D78-4570-9F6D-BAEE289D0304}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{29DCD339-D184-469B-8BFB-199A2CCF014E}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{2DBCDA9F-1248-400B-A382-A56D71BF7B15}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{2EEAB6D0-491E-4962-BBA1-FF1CCA6D4DD0}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3506CDB7-8BC6-40C0-B108-CEA0B9480130}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3D3E7C1B-79A7-4CC7-8925-41FA813E9913}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3E01D8E0-A72B-4C9F-99BD-8A6E7B97A48D}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\Frances\Desktop\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{42FE718B-A148-41D6-885B-01A0AFAE8723}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{452CCB69-6A95-4370-9E5A-B3EFB06A7651}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{4B42750B-57A1-47E7-B340-8EAE0E3126A4}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{52071016-E648-4D3B-B57E-2B46CC993CE0}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{5792FC7D-5E1D-4F1A-BD4F-A7A50F92BC6E}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{5E541E71-A474-4EAD-8FCB-24D400D023B7}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{61F8FAF0-82D0-407C-AE97-31441483AE40}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{67F2A879-82D5-4A6D-8CC5-FFB3C114B69D}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\program\so_activex.dll ()
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{6AC51E9C-7947-4B46-A978-0AD601C4EFC9}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{6FA10A39-4760-4C94-A210-2398848618EC}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7ACDC5B4-76A1-4BDF-918D-6962FCABBAD3}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7B030003-037D-490D-9169-A4F391B3D831}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofiltproxy.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{830690FC-BF2F-47A6-AC2D-330BCB402664}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Frances\AppData\Local\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{89DD2F9D-C325-48BF-A615-96BD039BBC83}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{9017071A-2E34-4C3A-9BBB-688CBB5A9FF2}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{9D073235-D787-497D-8D1F-929559F1C621}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A7DF2611-D752-4C9F-A90A-B56F18485EE9}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A8109DB9-88E0-42FE-98EA-8A12BE5394C6}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{A983C9EC-D73E-4364-B89B-ACD1E405674F}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{B09AC3FF-0D5D-41C6-A34E-7C3F58A3127C}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{B0FE88F0-C92F-46D6-878F-31599BEA944C}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{CC461FC3-C9BE-41FB-8E47-E0115CBC01CC}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\Avery Wizard 3.1\AvWizRes.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D26B1D42-9C42-4E7B-BB73-86384C4B4345}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Avery\AVERYW~1.1\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Frances\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{DD0E8ED5-1494-4B87-A35C-39F6ED4B1153}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{E1BC9147-C3E3-4E8A-8304-5E6B5C1C0774}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{F278D870-7AF7-4957-96EE-E6AC72D0B109}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{F3188CF3-EF22-4C5B-92CB-605964761C3B}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frances\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1527785505-3915310178-3884954049-1000_Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\InprocServer32 -> C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
 
==================== Restore Points  =========================
 
24-09-2014 18:16:13 Windows Update
28-09-2014 18:00:37 Windows Backup
01-10-2014 16:45:43 Windows Update
05-10-2014 18:25:41 Windows Backup
12-10-2014 18:00:15 Windows Backup
13-10-2014 09:49:10 OTL Restore Point - 13/10/2014 10:49:02
15-10-2014 23:06:24 Windows Update
19-10-2014 18:00:16 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2014-10-13 10:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2B17A39E-0C7C-42A7-A404-47C0EB3FFE4F} - System32\Tasks\{6F30B801-45EE-40AC-8EE3-E56FDF76A6EF} => C:\Program Files\Amazon\Kindle For PC\KindleForPC.exe [2010-11-11] (Amazon.com)
Task: {2B3C8087-58FA-4E1B-B4DF-FB5598A7634F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {37718E09-EA3C-4D4F-B360-7BAA10363019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-27] (Google Inc.)
Task: {41D8CFDB-F028-4B44-A129-AEE653CDA760} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {503F092D-6E21-4850-B26A-6487E3255864} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64C705D5-6051-409F-B1E7-24064A1F46D8} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {7E89D135-9068-4AB2-A641-9EE2359532C8} - System32\Tasks\{4A096E15-7CAA-4A7D-ADA6-0FDB95784895} => Firefox.exe http://ui.skype.com/...?LastError=1618
Task: {8FED1C95-A43C-4545-BBC1-ACDEC9711A5B} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {90395C66-3721-462E-822A-554DA714AB35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {9306A6D6-0D90-4322-8316-C05CC2C376F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {AD759222-36F6-448D-8356-0D9419ADF487} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-27] (Google Inc.)
Task: {BE043F62-5F1F-412B-90D0-F6DD9CBD33D4} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {CBF392AA-617E-4328-826C-038BF4F7EB55} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Frances Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
Task: {EE99BD7C-D3D9-4A01-801E-C02D2F96E0B0} - System32\Tasks\{70BEF97D-6873-4354-BFC2-0CAC1AE91DB4} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-11 21:10 - 2009-07-11 21:10 - 01176064 _____ () C:\Program Files\VisionBoard\visionboardlauncher.exe
2014-10-22 18:33 - 2014-10-22 18:33 - 00043008 _____ () c:\users\frances\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6bm3p4.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Frances\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-08-26 16:47 - 2014-08-26 16:47 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-10-14 21:00 - 2014-10-10 03:03 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-14 21:00 - 2014-10-10 03:03 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-14 21:00 - 2014-10-10 03:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-14 21:00 - 2014-10-10 03:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\S-1-5-21-1527785505-3915310178-3884954049-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1527785505-3915310178-3884954049-500 - Administrator - Disabled)
Frances (S-1-5-21-1527785505-3915310178-3884954049-1000 - Administrator - Enabled) => C:\Users\Frances
Guest (S-1-5-21-1527785505-3915310178-3884954049-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2014 06:48:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program VISION~1.SCR version 1.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1388
 
Start Time: 01cfebfc8eb5c7e9
 
Termination Time: 48
 
Application Path: C:\PROGRA~1\VISION~1\VISION~1.SCR
 
Report Id: ac1e9407-581c-11e4-915e-6cf049582e75
 
Error: (10/18/2014 03:54:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program VISION~1.SCR version 1.5.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1064
 
Start Time: 01cfeae342cdd90a
 
Termination Time: 59
 
Application Path: C:\PROGRA~1\VISION~1\VISION~1.SCR
 
Report Id: 9b4adb97-56d6-11e4-ba00-6cf049582e75
 
Error: (10/18/2014 01:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15693
 
Error: (10/18/2014 01:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15693
 
Error: (10/18/2014 01:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14664
 
Error: (10/18/2014 01:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14664
 
Error: (10/18/2014 01:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:32:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13665
 
Error: (10/18/2014 01:32:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13665
 
 
System errors:
=============
Error: (10/18/2014 01:36:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/18/2014 01:33:19 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
 
Microsoft Office Sessions:
=========================
Error: (10/20/2014 06:48:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: VISION~1.SCR1.5.0.0138801cfebfc8eb5c7e948C:\PROGRA~1\VISION~1\VISION~1.SCRac1e9407-581c-11e4-915e-6cf049582e75
 
Error: (10/18/2014 03:54:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: VISION~1.SCR1.5.0.0106401cfeae342cdd90a59C:\PROGRA~1\VISION~1\VISION~1.SCR9b4adb97-56d6-11e4-ba00-6cf049582e75
 
Error: (10/18/2014 01:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15693
 
Error: (10/18/2014 01:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15693
 
Error: (10/18/2014 01:32:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14664
 
Error: (10/18/2014 01:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14664
 
Error: (10/18/2014 01:32:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:32:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13665
 
Error: (10/18/2014 01:32:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13665
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 73%
Total physical RAM: 2037.49 MB
Available physical RAM: 541.96 MB
Total Pagefile: 4074.98 MB
Available Pagefile: 2788.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:125.54 GB) NTFS
Drive e: () (Fixed) (Total:19.53 GB) (Free:9.73 GB) NTFS
Drive f: () (Fixed) (Total:54.99 GB) (Free:12.78 GB) NTFS
Drive g: (TOSHIBA HDD) (Fixed) (Total:465.65 GB) (Free:276.91 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D820D820)
Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2B1EBCE9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: AA4B0B5E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)
 
==================== End Of Log ============================

  • 0

#48
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Some additional updates also:

 

1. Both Firefox and IE are still getting the message

Navigation to the webpage was canceled 

when trying to get online.

 

2. When going into my emails via MS Outlook, my inbox still looks different, e.g.

 

i) The received tab has disappeared from my inbox - now no emails have any DATES and the contents have been changed into alpha order, which I can't change now to the most current.

ii) All messages from Facebook have been sent to the junk folder without my permission

iii) Emails have been deleted that I didn't delete - over 30

 

I'm wondering if this bogus email has done this somehow and has access to my email folder, as I didn't make those changes.

 

Great to get some help with what is happening with these two issues, Joe. Thanks


  • 0

#49
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Hi Joe, just done another Malwarebytes scan, only took 20 mins - nothing found.

 

Let me know next steps, thanks.


  • 0

#50
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts
A separate point I want to check with you is about this fake email in one of the emails. In the email they said someone had replied to my ad; I had advertised something so I thought it was OK. They asked me for my zip code to locate the response; unfortunately I did. When I tried to go to the page it was blank. I tried reporting to the site and got another fake email promising to get back to me in 6hrs; that was over 2 days ago. So I'm concerned about my browser security and identity theft. What's best to do to secure things? Other thoughts about security would be helpful, thanks.
  • 0

#51
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Malwarebytes is clean because there is no malware; your latest log is clean. Change your e-mail passwords if you're concerned about security there. I don't see anything that warrants that, but it's a good idea to change passwords, just as I told you about online banking.

So the only issue is

Both firefox and IE still getting message
Navigation to the webpage was canceled when trying to get online.


Outlook: what version of Outlook are you using? Is that what comes with Microsoft Office 2014?

Let me review the Navigation to the webpage was canceled when trying to get online.
  • 0

#52
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts
Hi, OK, so you think there will be no issues or fallout from the fake email around identity theft, that isn't an issue, and if I have concerns then changing my password will cover that. In terms of my MS Office, it doesn't ask me for a password. How can I set one? It's MS Office Prof Plus 2010.

You will take a look at the navigation, as this is the only issue left as both logs are clean. Thanks so much for your help, Joe, and your next steps.
  • 0

#53
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

PS I've confirmed that the email I got was fake, and reported it to the fraud squad here. I've managed to put a password on myself now, so no need to reply about that, thanks.

 

Additionally I have another problem:

 

1. I tried to sign into Skype and it suspended my account. Normally it works well. They say they suspend the account when there is a possible security breach. This suggests that there is other activity affecting my PC? Does this give you any clues?

 

This is the page they want me to go to, to recover my account. Is this legit?

 

https://login.skype....change-password

 

 

Here is what Skype say:

 

Reasons Skype suspends accounts

Skype might suspend an account:

  • If it has been used in a way that suggests someone other than you might have taken control of it, and is using both the account and your Skype Credit or subscription in markedly different ways from your normal behavior. THIS IS POSSIBLE
  • If you are disputing a payment (also called a chargeback), we will assume that there is some problem with either your payment method or your account. NOT doing this
  • If there is a violation of Skype's rules and/or policies.  NOT done this to best of my knowledge

 

2. I'm wondering if ESET got rid of  JS/Agent.NNSTrojan that it found? Can you confirm if it did please?

 

 

Thanks Joe. :yes:


Edited by Feather24, 23 October 2014 - 12:52 PM.

  • 0

#54
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

That Skype page is a secured page (https) and legit.

I can't confirm ESET. Can you run it again and let it finish?

Thanks
Joe :)
  • 0

#55
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Thanks Joe. Re ESET, I'm confused now. I ran ESET, it took over 8hrs and it did finish; I posted the whole log. When it was running I noticed the Trojan as one of the threats it logged as it went along. Are you saying that it didn't identify it in the log?

 

PS I'm back into Skype now, thanks for confirming the link.


Edited by Feather24, 24 October 2014 - 04:08 AM.

  • 0



#56
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi,

Let me go back and look at the ESET log.

Off to work now.

Joe
  • 0

#57
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Ok thanks Joe.  :yes:

 

I also thought I would post the issues I am still getting  with the browsers, I know you said you were going to take another look and get back to me.  

 

In IE - I can only get google and mostly the navigation is cancelled or hangs and no page opens up.  Even when I go into google and search for something whatever I select hangs and doesn't work.

 

Firefox: mostly navigation cancelled or connection was interrupted

 
The connection to www.geekstogo.com was interrupted while the page was loading.
 
    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
 
Chrome is the only site that works consistently and I'm not sure if that is because in the past I've hardly used it.
 
So what I understand you will let me know about are:
 
1. ESET log re: Trojan
2. Browser problems
 
Hope that helps to give you more to go on!  thanks Joe hope work goes well   :)

Edited by Feather24, 24 October 2014 - 12:51 PM.

  • 0

#58
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

For browser problems, try this.

Clean out your temporary internet files and temp files.
Download TFC by OldTimer http://oldtimer.geekstogo.com/TFC.exe to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

If the above does not work, then reboot your modem and router. Just unplug them for a min, then plug them back in.

I don't see the Trojan in the ESET Log.

I will not be back on the web site till Saturday at around 3PM EST, USA.

Thanks
Joe :)
  • 0

#59
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Thanks for checking the ESET log again, it seems that although the initial process showed the Trojan it hasn't shown up in the log for some reason?  So does this mean that the Trojan has been removed?

 

I've completed the temp files removal.

 

Cleared 1,298.00 MB. Is that a lot? Will it make a difference?

 

Now I'm getting this response in Firefox:

Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.

 

IE - navigation to page still cancelled.

 

Chrome is the only one working.

 

thanks Joe.


Edited by Feather24, 27 October 2014 - 08:55 AM.

  • 0

#60
Feather24

    Member

  • Topic Starter
  • Member
  • 251 posts

Joe, I need to update my Malwarebytes. It prompted me to update to a new version; that seems unusual after a short period of time. Usually I just need to apply the updates. Would you allow this or download the newer version online? If so, where is the best place to download it? Thanks


  • 0





