Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

How do I tell what antivirus I'm running? [Solved]


  • This topic is locked This topic is locked

#1
pingu632

pingu632

    Member

  • Member
  • PipPip
  • 15 posts

I think I have a malware problem affecting my computer and especially Chrome but before I get there I'm trying to track down a few other causes first.

 

I know I have Avast, malwarebytes, and CCleaner installed but I thought they all do different things?

 

I think I've been staring at this too long today.

 

Any help is appreciated.

Thanks

 

OTL log

OTL logfile created on: 18/10/2014 9:12:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VIRGINIA\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
5.91 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.50% Memory free
11.81 Gb Paging File | 8.70 Gb Available in Paging File | 73.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 51.12 Gb Free Space | 27.44% Space Free | Partition Type: NTFS
Drive D: | 254.36 Gb Total Space | 253.92 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive E: | 61.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 25.00 Gb Total Space | 1.77 Gb Free Space | 7.10% Space Free | Partition Type: NTFS
 
Computer Name: VIRGINIA-PC | User Name: VIRGINIA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/18 08:06:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIRGINIA\Desktop\OTL.exe
PRC - [2014/10/01 12:42:42 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/10/01 12:42:42 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/12 20:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/14 18:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/08/08 00:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/07/31 18:34:49 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/31 12:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/07/15 18:34:20 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/09/19 08:46:58 | 000,250,200 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2012/06/20 18:21:46 | 001,556,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/02/16 21:04:20 | 000,289,408 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012/02/16 21:04:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2011/12/23 19:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/12/22 22:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/18 21:01:35 | 000,043,008 | ---- | M] () -- c:\Users\VIRGINIA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7rt764.dll
MOD - [2014/10/16 03:53:55 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/16 03:53:23 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014/10/16 03:53:06 | 012,435,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/16 03:53:00 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/16 03:52:54 | 005,467,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/16 03:52:50 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/16 03:52:49 | 012,236,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014/10/16 03:52:29 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/16 03:52:26 | 007,991,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/12 20:20:58 | 003,610,624 | ---- | M] () -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/09/10 07:17:46 | 011,497,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/07/15 18:34:26 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/15 18:34:23 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 21:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/12 00:56:36 | 002,428,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/07/15 18:34:20 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/03 19:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2014/10/18 13:30:27 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/14 13:20:02 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/01 12:42:42 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/23 00:32:08 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/19 08:46:58 | 000,250,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/02/16 21:04:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 17:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2011/11/21 17:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/18 21:02:20 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 12:42:52 | 000,534,104 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/07/15 18:34:58 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/15 18:34:31 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/15 18:34:31 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/15 18:34:31 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/15 18:34:31 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/15 18:34:31 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/15 18:34:31 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/07/15 18:34:30 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/10 11:30:58 | 000,322,736 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 17:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/24 09:00:00 | 000,026,856 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tclondrv.sys -- (tclondrv)
DRV:64bit: - [2012/02/18 02:50:33 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/18 02:50:33 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/04 00:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/11/22 18:21:46 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/22 18:21:46 | 000,130,024 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/11/03 06:09:48 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/03 06:09:22 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/05 08:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/04/25 23:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/18 01:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/11/20 09:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 05:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2014/10/01 12:42:52 | 000,557,656 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/10/01 12:42:52 | 000,445,880 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/09/26 17:01:23 | 000,761,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys -- (RapportCerberus_80055)
DRV - [2011/09/07 12:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\..\SearchScopes,DefaultScope = {99AFC06D-17BA-4F89-BF72-E6612AEA75AE}
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\..\SearchScopes\{99AFC06D-17BA-4F89-BF72-E6612AEA75AE}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/15 18:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/10/18 13:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Extensions
[2014/10/14 13:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/14 13:20:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 18:34:35 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\9.0.2022.122_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..\RunOnce: [Uninstall C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64" File not found
O4 - Startup: C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\..Trusted Domains: prodigygame.com ([www] https in Trusted sites)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{594CC69C-88AF-4A7C-9225-05CAD6772A12}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7353270B-DCFC-4977-99A8-22157870CB28}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-tt2012 - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/18 14:12:00 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
[2014/10/18 14:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2014/10/18 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
[2014/10/18 14:11:44 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Pro
[2014/10/18 14:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Cleaner Pro
[2014/10/18 14:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FMS Empty File Remover
[2014/10/18 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Local\Programs
[2014/10/18 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Local\Macromedia
[2014/10/18 13:37:07 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\AppData\Local\Remove_Empty_Directories
[2014/10/18 13:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Remove Empty Directories
[2014/10/18 09:25:33 | 000,000,000 | ---D | C] -- C:\Users\VIRGINIA\Documents\CC Cleaner reg backups
[2014/10/18 08:54:49 | 000,505,536 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\VIRGINIA\Desktop\autorunsc.exe
[2014/10/18 08:54:47 | 000,593,080 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\VIRGINIA\Desktop\autoruns.exe
[2014/10/18 08:06:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VIRGINIA\Desktop\OTL.exe
[2014/10/16 13:18:45 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/16 13:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/16 13:17:24 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/16 13:17:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/16 13:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/10/14 13:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/11 08:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/10/08 20:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/01/11 13:09:28 | 000,287,288 | ---- | C] (Citrix Online) -- C:\Users\VIRGINIA\Citrix Online Launcher.exe
[2013/08/28 04:54:47 | 005,402,320 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[1 C:\Users\VIRGINIA\Documents\*.tmp files -> C:\Users\VIRGINIA\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/18 21:08:52 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/18 21:08:52 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/18 21:02:20 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/18 21:02:01 | 000,000,632 | RHS- | M] () -- C:\Users\VIRGINIA\ntuser.pol
[2014/10/18 21:00:50 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/18 21:00:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/10/18 21:00:11 | 461,471,743 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/18 20:35:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/10/18 20:23:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/18 20:23:00 | 000,000,304 | ---- | M] () -- C:\windows\tasks\Digital Sites.job
[2014/10/18 13:01:31 | 003,949,064 | ---- | M] () -- C:\empties.bat
[2014/10/18 08:06:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VIRGINIA\Desktop\OTL.exe
[2014/10/16 09:50:54 | 000,002,826 | ---- | M] () -- C:\windows\SysNative\AutoRunFilter.ini
[2014/10/16 03:37:45 | 000,353,256 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/11 08:41:05 | 000,002,281 | ---- | M] () -- C:\Users\VIRGINIA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/05 17:38:53 | 000,876,042 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/10/05 17:38:53 | 000,733,906 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/10/05 17:38:53 | 000,152,826 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[1 C:\Users\VIRGINIA\Documents\*.tmp files -> C:\Users\VIRGINIA\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/18 13:00:26 | 003,949,064 | ---- | C] () -- C:\empties.bat
[2014/10/18 08:54:47 | 000,049,518 | ---- | C] () -- C:\Users\VIRGINIA\Desktop\autoruns.chm
[2014/10/16 03:37:04 | 000,353,256 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/10/11 08:19:33 | 000,002,281 | ---- | C] () -- C:\Users\VIRGINIA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/11 08:18:00 | 000,000,902 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/11 08:18:00 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/20 02:29:03 | 000,007,597 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Local\Resmon.ResmonCfg
[2014/02/22 16:28:37 | 000,000,218 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Local\recently-used.xbel
[2014/01/02 18:46:40 | 000,000,005 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013/12/27 19:23:01 | 000,000,103 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\WB.CFG
[2013/12/27 19:23:01 | 000,000,005 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\WBPU-TTL.DAT
[2013/10/25 13:41:15 | 000,116,736 | ---- | C] () -- C:\windows\SysWow64\lfkodak.dll
[2013/10/25 13:41:14 | 000,343,040 | ---- | C] () -- C:\windows\SysWow64\lffpx7.dll
[2013/10/11 09:46:12 | 000,000,088 | RHS- | C] () -- C:\windows\SysWow64\1F300F0608.sys
[2013/10/11 09:39:13 | 000,002,984 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys
[2013/06/04 00:25:53 | 000,000,632 | RHS- | C] () -- C:\Users\VIRGINIA\ntuser.pol
[2013/04/07 20:24:24 | 002,705,248 | ---- | C] () -- C:\Users\VIRGINIA\OurFirstBudget-2013-03-22.QDF
[2013/04/01 19:13:50 | 000,030,720 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/31 20:10:41 | 002,695,168 | ---- | C] () -- C:\Users\VIRGINIA\OurFirstBudget-2013-03-22.QDF-backup
[2013/03/22 17:35:50 | 000,000,149 | ---- | C] () -- C:\windows\QUICKEN.INI
[2013/03/11 13:47:24 | 000,000,254 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2013/03/11 13:47:24 | 000,000,093 | ---- | C] () -- C:\windows\brpcfx.ini
[2013/03/11 13:47:10 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2013/03/11 13:46:32 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2013/02/13 20:57:31 | 000,000,380 | ---- | C] () -- C:\Users\VIRGINIA\AppData\Roaming\sp_data.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/18 13:44:27 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\.minecraft
[2013/12/26 14:43:34 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\AVAST Software
[2014/10/18 13:44:31 | 000,000,000 | ---D | M] -- C:\Users\Tanya\AppData\Roaming\HandBrake
[2014/10/18 00:34:42 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\.minecraft
[2014/10/18 13:48:20 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\ASUS WebStorage
[2014/10/18 14:02:05 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Audacity
[2013/11/30 01:13:29 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\AVAST Software
[2013/08/28 05:02:51 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\AVG
[2014/02/22 16:16:19 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\BHOK
[2014/10/18 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\calibre
[2014/10/18 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
[2014/10/18 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
[2013/07/29 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\DownLite
[2013/08/13 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\DRail Modelspoor Software
[2014/10/18 21:01:42 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Dropbox
[2014/10/18 14:02:05 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Efficient To-Do List Free
[2014/10/18 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\FlvtoConverter
[2014/10/18 13:48:30 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\HandBrake
[2014/10/18 14:12:00 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
[2013/05/05 19:11:31 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\iThmb Converter
[2013/12/27 21:55:32 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Mp3tag
[2013/07/29 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\OpenOffice
[2014/09/13 17:41:34 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\QuickScan
[2014/10/18 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Scribus
[2013/10/16 13:07:16 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Ulead Systems
[2014/04/13 23:30:32 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Unity
[2013/02/15 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\Windows Live Writer
[2013/08/14 18:56:55 | 000,000,000 | ---D | M] -- C:\Users\VIRGINIA\AppData\Roaming\XTrackCad
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE

< End of report >
 

 

Autoruns

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""    "16/10/2014 3:42 AM"
+ "rdpclip"    ""    ""    "File not found: rdpclip"    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "21/06/2014 5:21 PM"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"    "21/10/2011 12:58 PM"
+ "SynAsusAcpi"    "Asus Custom Acpi Monitor Application"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\synasusacpi.exe"    "05/05/2011 10:37 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "22/09/2014 7:45 PM"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "21/08/2014 12:27 PM"
+ "ATKOSD2"    "ATKOSD2"    "ASUSTek Computer Inc."    "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"    "22/12/2011 7:57 AM"
+ "AvastUI.exe"    "avast! Antivirus"    "AVAST Software"    "c:\program files\avast software\avast\avastui.exe"    "25/07/2014 8:49 AM"
+ "HControlUser"    "HControlUser"    "ASUS"    "c:\program files (x86)\asus\atk package\atk hotkey\hcontroluser.exe"    "01/04/2009 9:05 AM"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"    "01/09/2014 6:54 AM"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files (x86)\quicktime\qttask.exe"    "13/01/2014 9:15 PM"
"C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "17/09/2014 11:29 PM"
+ "Dropbox.lnk"    "Dropbox"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropbox.exe"    "04/06/2014 7:05 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "11/10/2014 8:19 AM"
+ ".NET Framework"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe"    "30/09/2014 11:36 PM"
+ "Active Directory Service Interface"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe"    "30/09/2014 11:36 PM"
+ "Dynamic HTML Data Binding"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe"    "30/09/2014 11:36 PM"
+ "Google Chrome"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe"    "30/09/2014 11:36 PM"
+ "HTML Help"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe"    "30/09/2014 11:36 PM"
+ "Internet Explorer"    ""    ""    "File not found: C:\windows\system32\ie4uinit.exe"    ""
+ "Internet Explorer Core Fonts"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\38.0.2125.101\installer\chrmstp.exe"    "30/09/2014 11:36 PM"
+ "Offline Browsing Pack"    ""    ""    "File not found: C:\windows\system32\ie4uinit.exe"    ""
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "18/10/2014 8:27 AM"
+ "ApplePhotoStreams"    "iCloud Photos"    "Apple Inc."    "c:\program files (x86)\common files\apple\internet services\applephotostreams.exe"    "30/07/2014 6:24 PM"
+ "CCleaner Monitoring"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner64.exe"    "26/09/2014 10:03 AM"
+ "iCloudServices"    "iCloud"    "Apple Inc."    "c:\program files (x86)\common files\apple\internet services\icloudservices.exe"    "30/07/2014 6:24 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"    ""    ""    ""    "18/10/2014 1:23 PM"
+ "Uninstall C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"    ""    ""    "File not found: rmdir"    ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "26/07/2014 6:50 PM"
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "08/10/2014 8:09 PM"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"    "26/06/2014 7:46 AM"
+ "PhotoStreamsExt"    "Apple Photostreams UI Shell Extension"    "Apple Inc."    "c:\program files\common files\apple\internet services\shellstreams64.dll"    "11/08/2014 2:45 PM"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext64.dll"    "10/06/2014 1:11 PM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "08/10/2014 8:09 PM"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "26/06/2014 7:32 AM"
+ "PhotoStreamsExt"    "Apple Photostreams UI Shell Extension"    "Apple Inc."    "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"    "14/08/2014 9:00 PM"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext.dll"    "10/06/2014 1:11 PM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "11/01/2014 2:18 PM"
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"    "26/06/2014 7:46 AM"
+ "BackupContextMenuExtension"    ""    ""    "File not found: :/Program Files (x86)/ASUS/ASUS WebStorage/3.0.108.222/XPClient.DLL"    ""
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "11/01/2014 2:18 PM"
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "26/06/2014 7:32 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers"    ""    ""    ""    "18/02/2012 3:46 AM"
+ "PropertySheetExtension1"    ""    ""    "File not found: :/Program Files (x86)/ASUS/ASUS WebStorage/3.0.108.222/XPClient.DLL"    ""
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "26/07/2014 6:50 PM"
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "26/07/2014 6:50 PM"
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "28/06/2012 3:18 AM"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"    "21/10/2011 12:58 PM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "12/08/2014 6:05 PM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"    ""    "Apache Software Foundation"    "c:\program files (x86)\openoffice 4\program\shlxthdl\shlxthdl_x64.dll"    "16/07/2013 9:28 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "12/08/2014 6:05 PM"
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"    "11/05/2013 5:34 AM"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"    ""    "Apache Software Foundation"    "c:\program files (x86)\openoffice 4\program\shlxthdl\shlxthdl.dll"    "16/07/2013 9:28 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "25/03/2014 10:32 PM"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"    "26/06/2014 7:46 AM"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext64.dll"    "10/06/2014 1:11 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "25/03/2014 10:32 PM"
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"    "26/06/2014 7:32 AM"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext.dll"    "10/06/2014 1:11 PM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "25/03/2014 10:32 PM"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext64.dll"    "10/06/2014 1:11 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "25/03/2014 10:32 PM"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext.dll"    "10/06/2014 1:11 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "09/04/2014 7:45 PM"
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashsha64.dll"    "26/06/2014 7:46 AM"
+ "AsusWSShellExt_B"    "AsusWSShellExt64"    "eCareme Technologies, Inc."    "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswsshellext64.dll"    "25/05/2011 3:09 AM"
+ "AsusWSShellExt_O"    "AsusWSShellExt64"    "eCareme Technologies, Inc."    "c:\program files (x86)\asus\asus webstorage\3.0.108.222\asuswsshellext64.dll"    "25/05/2011 3:09 AM"
+ "DropboxExt1"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
+ "DropboxExt2"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
+ "DropboxExt3"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
+ "DropboxExt4"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext64.24.dll"    "23/06/2014 8:32 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "09/01/2014 9:22 PM"
+ "DropboxExt1"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext.24.dll"    "23/06/2014 8:31 PM"
+ "DropboxExt2"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext.24.dll"    "23/06/2014 8:31 PM"
+ "DropboxExt3"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\users\virginia\appdata\roaming\dropbox\bin\dropboxext.24.dll"    "23/06/2014 8:31 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "01/08/2014 9:05 PM"
+ "avast! Online Security"    "IE Webrep plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie64.dll"    "25/06/2014 12:18 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "22/09/2014 7:45 PM"
+ "avast! Online Security"    "IE Webrep plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"    "25/06/2014 12:16 PM"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"    "25/07/2014 2:45 PM"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"    "25/07/2014 2:45 PM"
"Task Scheduler"    ""    ""    ""    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 15.0 r0"    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "24/09/2014 5:25 PM"
+ "\Adobe online update program"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "21/08/2014 12:27 PM"
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"    "01/06/2011 8:46 PM"
+ "\ASUS Live Update"    "ASUS Live Update"    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\asus live update\liveupdate.exe"    "20/06/2012 5:21 AM"
+ "\ASUS P4G"    "Power4Gear Hybrid"    "ASUS"    "c:\program files\asus\p4g\batterylife.exe"    "14/02/2012 3:28 AM"
+ "\AsusVibeSchedule"    "AsusVibe Application"    ""    "c:\program files (x86)\asus\asusvibe\asusvibelauncher.exe"    "31/08/2012 5:24 AM"
+ "\ATKOSD2"    "ATKOSD2"    "ASUSTek Computer Inc."    "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"    "22/12/2011 7:57 AM"
+ "\avast! Emergency Update"    "avast! Emergency Update"    "AVAST Software"    "c:\program files\avast software\avast\avastemupdate.exe"    "26/06/2014 7:31 AM"
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"    "26/09/2014 10:00 AM"
+ "\Digital Sites"    ""    ""    "File not found: C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE"    ""
+ "\GoogleUpdateTaskMachineCore"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "29/09/2014 9:19 PM"
+ "\GoogleUpdateTaskMachineUA"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "29/09/2014 9:19 PM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "10/06/2009 4:36 PM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "18/10/2014 9:06 PM"
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"    "21/08/2014 12:27 PM"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "24/09/2014 5:25 PM"
+ "AFBAgent"    "ASUS FastBoot"    "ASUSTeK Computer Inc."    "c:\windows\system32\fbagent.exe"    "03/03/2011 4:55 AM"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"    "11/02/2014 9:26 AM"
+ "ASLDRService"    "ASLDR Service"    "ASUS"    "c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe"    "21/11/2011 2:21 AM"
+ "ASUS InstantOn"    "ASUS InstantOn Program"    "ASUS"    "c:\program files (x86)\asus\instanton for nb\insonsrv.exe"    "16/02/2012 5:49 AM"
+ "ATKGFNEXSrv"    "GFNEXSrv"    "ASUS"    "c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe"    "21/11/2011 2:19 AM"
+ "avast! Antivirus"    "Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler."    "AVAST Software"    "c:\program files\avast software\avast\avastsvc.exe"    "26/06/2014 7:37 AM"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"    "31/08/2011 1:52 AM"
+ "BrYNSvc"    "BrYNCSvc"    "Brother Industries, Ltd."    "c:\program files (x86)\browny02\brynsvc.exe"    "24/01/2010 7:22 PM"
+ "Garmin Core Update Service"    "Keeps the software and content on your Garmin devices and the Garmin software on your PC up to date."    "Garmin Ltd or its subsidiaries"    "c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe"    "19/09/2013 9:46 AM"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "29/09/2014 9:19 PM"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "29/09/2014 9:19 PM"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"    "01/09/2014 6:54 AM"
+ "LMS"    "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"    "20/12/2010 10:10 PM"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe"    "11/09/2014 9:29 PM"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe"    "21/08/2014 3:50 PM"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"    "11/10/2014 6:07 AM"
+ "ProtexisLicensing"    "Protexis Licensing Service"    ""    "c:\windows\syswow64\psiservice.exe"    "03/11/2006 12:36 AM"
+ "RapportMgmtService"    "IBM Security Trusteer Endpoint Protection Central Management and Monitoring Service"    "IBM Corp."    "c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe"    "01/10/2014 5:18 AM"
+ "Steam Client Service"    "Steam Client Service monitors and updates Steam content"    "Valve Corporation"    "c:\program files (x86)\common files\steam\steamservice.exe"    "22/09/2014 11:18 PM"
+ "UNS"    "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"    "20/12/2010 10:15 PM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "18/10/2014 9:06 PM"
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "05/12/2008 7:54 PM"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "01/05/2007 1:30 PM"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "27/02/2007 8:04 PM"
+ "AgereSoftModem"    "SoftModem Device Driver"    "LSI Corp"    "c:\windows\system32\drivers\agrsm64.sys"    "10/11/2008 11:01 AM"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "13/07/2009 7:19 PM"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "18/03/2010 8:45 PM"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "20/03/2009 2:36 PM"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "19/03/2010 12:18 PM"
+ "AmUStor"    "Alocr Micro USB Mass Storage Driver"    "Alcor Micro, Corp."    "c:\windows\system32\drivers\amustor.sys"    "13/01/2011 8:06 AM"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "24/05/2007 5:27 PM"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "14/01/2009 3:27 PM"
+ "ASMMAP64"    "Memory mapping Driver"    "ASUS"    "c:\program files (x86)\asus\atk package\atkgfnex\asmmap64.sys"    "02/07/2009 5:13 AM"
+ "asmthub3"    "ASMedia USB3 Hub Driver"    "ASMedia Technology Inc"    "c:\windows\system32\drivers\asmthub3.sys"    "22/11/2011 3:09 AM"
+ "asmtxhci"    "ASMEDIA XHCI Host Controller Driver"    "ASMedia Technology Inc"    "c:\windows\system32\drivers\asmtxhci.sys"    "22/11/2011 3:09 AM"
+ "aswHwid"    "avast! HardwareID"    ""    "c:\windows\system32\drivers\aswhwid.sys"    "26/06/2014 7:31 AM"
+ "aswMonFlt"    "avast! mini-filter driver (aswMonFlt)"    "AVAST Software"    "c:\windows\system32\drivers\aswmonflt.sys"    "26/06/2014 7:32 AM"
+ "aswRdr"    "avast! WFP Redirect driver"    "AVAST Software"    "c:\windows\system32\drivers\aswrdr2.sys"    "26/06/2014 7:33 AM"
+ "aswRvrt"    "avast! Revert"    ""    "c:\windows\system32\drivers\aswrvrt.sys"    "26/06/2014 7:35 AM"
+ "aswSnx"    "avast! virtualization driver (aswSnx)"    "AVAST Software"    "c:\windows\system32\drivers\aswsnx.sys"    "26/06/2014 7:34 AM"
+ "aswSP"    "avast! Self Protection"    "AVAST Software"    "c:\windows\system32\drivers\aswsp.sys"    "02/07/2014 1:38 PM"
+ "aswStm"    "avast! StreamFilter Callout Driver"    "AVAST Software"    "c:\windows\system32\drivers\aswstm.sys"    "26/06/2014 7:47 AM"
+ "aswVmm"    "avast! VM Monitor"    ""    "c:\windows\system32\drivers\aswvmm.sys"    "26/06/2014 7:35 AM"
+ "athr"    "Atheros Extensible Wireless LAN device driver"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\athrx.sys"    "09/06/2009 2:06 PM"
+ "ATKWMIACPIIO"    "ATK WMIACPI Utility"    "ASUS"    "c:\program files (x86)\asus\atk package\atk wmiacpi\atkwmiacpi64.sys"    "06/09/2011 9:44 PM"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "13/02/2009 6:18 PM"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"    "26/04/2009 7:14 AM"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "06/08/2006 9:51 PM"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "06/08/2006 9:51 PM"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"    "06/08/2006 9:51 PM"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"    "06/08/2006 9:51 PM"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"    "06/08/2006 9:51 PM"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "09/08/2006 8:11 AM"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"    "13/07/2009 7:19 PM"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"    "31/12/2008 12:29 PM"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"    "03/02/2009 6:52 PM"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"    "03/05/2012 3:56 PM"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"    "11/05/2009 4:26 AM"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "20/04/2010 2:32 PM"
+ "iaStor"    "Intel Rapid Storage Technology driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"    "26/04/2011 2:06 PM"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "10/06/2010 8:46 PM"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"    "21/10/2011 1:29 PM"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"    "13/12/2005 5:47 PM"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"    "06/09/2011 7:39 AM"
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"    "23/08/2011 9:12 AM"
+ "kbfiltr"    "Keyboard Filter Driver"    " "    "c:\windows\system32\drivers\kbfiltr.sys"    "20/07/2009 5:21 AM"
+ "L1C"    "Atheros L1c PCI-E Gigabit Ethernet Controller"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\l1c62x64.sys"    "24/08/2010 5:14 AM"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"    "09/12/2008 6:46 PM"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "18/05/2009 8:20 PM"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "18/05/2009 8:31 PM"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"    "16/04/2009 6:13 PM"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"    "03/09/2014 1:50 PM"
+ "MBAMSwissArmy"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbamswissarmy.sys"    "19/09/2014 6:14 PM"
+ "MBAMWebAccessControl"    "Malwarebytes Web Access Control"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mwac.sys"    "17/06/2014 10:06 PM"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "18/05/2009 9:09 PM"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "18/05/2009 9:25 PM"
+ "MEIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"    "19/10/2010 7:33 PM"
+ "Netaapl"    "Apple Mobile Device Ethernet"    "Apple Inc."    "c:\windows\system32\drivers\netaapl64.sys"    "15/07/2013 6:39 PM"
+ "netr28x"    "Ralink 802.11 Wireless Adapter Driver"    "Ralink Technology, Corp."    "c:\windows\system32\drivers\netr28x.sys"    "03/02/2012 9:57 AM"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"    "06/06/2006 5:11 PM"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "19/03/2010 4:59 PM"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "19/03/2010 4:45 PM"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"    "22/01/2009 7:05 PM"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"    "18/05/2009 9:18 PM"
+ "RapportCerberus_80055"    ""    ""    "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus64_80055.sys"    "24/08/2014 9:10 AM"
+ "RapportEI64"    "RapportEI64"    "IBM Corp."    "c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys"    "01/10/2014 5:40 AM"
+ "RapportKE64"    "RapportKE"    "IBM Corp."    "c:\windows\system32\drivers\rapportke64.sys"    "01/10/2014 5:40 AM"
+ "RapportPG64"    "RapportPG64"    "IBM Corp."    "c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys"    "01/10/2014 5:41 AM"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "13/09/2006 9:18 AM"
+ "SiSGbeLH"    "NDIS 6.0 Miniport Driver for SiS191/SiS190 Ethernet Device"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisg664.sys"    "26/02/2009 5:42 AM"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "24/09/2008 2:28 PM"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "01/10/2008 5:56 PM"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"    "17/02/2009 7:03 PM"
+ "SynTP"    "Synaptics Touchpad Driver"    "Synaptics Incorporated"    "c:\windows\system32\drivers\syntp.sys"    "05/05/2011 10:28 PM"
+ "tclondrv"    "TuneClone Virtual CD-RW SCSI Controller"    "TuneClone Software"    "c:\windows\system32\drivers\tclondrv.sys"    "27/04/2011 3:26 AM"
+ "USBAAPL64"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl64.sys"    "27/11/2012 7:38 PM"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "13/07/2009 7:19 PM"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "30/01/2009 9:18 PM"
+ "WDC_SAM"    "Manages WD external storage products."    "Western Digital Technologies"    "c:\windows\system32\drivers\wdcsam64.sys"    "16/04/2008 4:39 AM"
+ "WsAudio_Device(1)"    "Wondershare Virtual Audio Device"    "Wondershare"    "c:\windows\system32\drivers\virtualaudio1.sys"    "23/07/2009 8:04 AM"
+ "WsAudio_Device(2)"    "Wondershare Virtual Audio Device"    "Wondershare"    "c:\windows\system32\drivers\virtualaudio2.sys"    "23/07/2009 8:04 AM"
+ "WsAudio_Device(3)"    "Wondershare Virtual Audio Device"    "Wondershare"    "c:\windows\system32\drivers\virtualaudio3.sys"    "23/07/2009 8:04 AM"
+ "WsAudio_Device(4)"    "Wondershare Virtual Audio Device"    "Wondershare"    "c:\windows\system32\drivers\virtualaudio4.sys"    "23/07/2009 8:04 AM"
+ "WsAudio_Device(5)"    "Wondershare Virtual Audio Device"    "Wondershare"    "c:\windows\system32\drivers\virtualaudio5.sys"    "23/07/2009 8:04 AM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "13/07/2014 5:44 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "13/07/2009 9:28 PM"
+ "VIDC.RTV1"    ""    ""    "c:\windows\system32\rtvcvfw64.dll"    "28/09/2012 3:45 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "13/07/2014 6:38 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "13/07/2009 9:06 PM"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "20/11/2010 7:59 AM"
+ "VIDC.mjpg"    "MainConcept MJPG Video Codec"    "MainConcept"    "c:\windows\syswow64\mcmjpg32.dll"    "28/10/2003 12:22 PM"
+ "VIDC.RTV1"    ""    ""    "c:\windows\syswow64\rtvcvfw32.dll"    "28/09/2012 3:45 PM"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "21/06/2014 8:45 PM"
+ "ASUS Color Convert"    "ASUS Color Preview Filter"    "ASUSTek"    "c:\program files (x86)\asus\splendid\rgbtran.ax"    "26/05/2005 2:53 AM"
+ "ASUS Color Preview Filter"    "ASUS Color Preview Filter"    "ASUSTek"    "c:\program files (x86)\asus\splendid\rgbtran.ax"    "26/05/2005 2:53 AM"
+ "ASUS SplitVCam Pump"    ""    ""    "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax"    "12/01/2012 5:17 AM"
+ "ASUS SplitVCam Relayer"    ""    ""    "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax"    "12/01/2012 5:17 AM"
+ "ASUS SplitVCam Renderer"    ""    ""    "c:\program files (x86)\asus\virtualcamera\splitvcamrenderer.ax"    "12/01/2012 5:17 AM"
+ "ASUS Virtual Camera"    ""    ""    "c:\program files (x86)\asus\virtualcamera\virtualcamera.ax"    "12/01/2012 5:17 AM"
+ "CyberLink Audio Noise Reduction"    "CLAuNR"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaunrwrapper.ax"    "16/10/2005 10:34 PM"
+ "CyberLink Audio Resampler"    "CLAuRsmpl.ax"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaursmpl.ax"    "24/02/2005 10:41 PM"
+ "CyberLink Audio VolumeBooster"    "CyberLink Audio Volume Booster Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gvb.ax"    "08/10/2004 4:36 AM"
+ "CyberLink AudioCD Filter"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaudiocd.ax"    "21/01/2008 6:35 AM"
+ "Cyberlink File Reader (Async.)"    "Cyberlink MPEG File Reader"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2greader.ax"    "15/06/2003 11:35 PM"
+ "CyberLink MP3/WAV Wrapper"    "CyberLink MP3 Wrapper"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gmp3wrap.ax"    "13/01/2008 10:30 PM"
+ "CyberLink PCM Wrapper"    "CyberLink PCM Wrapper"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gpcmenc.ax"    "21/03/2002 1:54 AM"
+ "CyberLink Video Regulator"    "CLRGL"    "Cyberlink"    "c:\program files (x86)\cyberlink\power2go\p2grgl.ax"    "28/09/2005 6:42 AM"
+ "P2G Audio Encoder"    "CyberLink Audio Encoder Filter"    "Cyberlink Corp."    "c:\program files (x86)\cyberlink\power2go\p2gaudenc.ax"    "20/12/2006 5:20 AM"
+ "WS ScreenCapture"    "ScreenCa Dynamic Link Library"    ""    "c:\program files (x86)\aimersoft\drm media converter\screencapturefilter.ax"    "07/12/2011 2:02 AM"
+ "Xvid MPEG-4 Video Decoder"    ""    ""    "c:\windows\syswow64\xvid.ax"    "25/09/2008 11:23 PM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "28/08/2013 1:20 PM"
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files (x86)\bonjour\mdnsnsp.dll"    "31/08/2011 1:44 AM"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""    "28/08/2013 1:20 PM"
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"    "31/08/2011 1:53 AM"
"C:\Users\VIRGINIA\AppData\Local\Microsoft\Windows Sidebar\Settings.ini"    ""    ""    ""    "15/06/2014 12:44 PM"
+ "Avast! antivirus monitor"    "Avast! antivirus sidebar gadget."    "AVAST Software"    "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml"    "13/03/2013 2:04 PM"
 


  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Since you are a 64-bit System user, I'd like you to provide me another set of reports which will give a better look at what's going on there :)


FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.


About Avast, MBAM and CCleaner - they all address different areas of your system. Avast is an anti-virus suit, while MBAM is a typical anti-spyware/anti-malware scanner (on-demand only if using free version). CCleaner is a tool used for good maintenance of your machine, does not have any 'guarding' possibilities.

We will perform a check up. Should you have any questions, feel free to ask :)

Cheers,
Naat
  • 0

#3
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Thanks for the reply.

 

A little more about what's going on.  About a week ago Chrome started acting up.  After a reboot/restart it would open normally.  If I then closed the window and reopenned it again I would get a status bar at the bottom and a white screen (even the max/min close options were missing).  Task Manager would say Chrome was running and no Not Responding message but I could leave it for hours and it would never progress to a web site.  The only way to get rid of it would be to end the process tree in task manager.  Then it would start normally again.  I removed the "run in background after app is closed" option in settings which "fixed" the problem.  I just don't know why it just started happening.  I must admit my computer security practices are somewhat lax.

 

Boot up has also been slower.  I'm guessing there are a ton of things starting up that I don't need.  I don't know which ones are essential and which ones I can disable.  I also was nearing capacity on my HDD.  I've cleaned up my HDD so that now I have 50 Gb free out of 186 Gb.  That has helped the boot speed a bit.

 

Here are the logs you requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by VIRGINIA (administrator) on VIRGINIA-PC on 19-10-2014 12:45:21
Running from C:\Users\VIRGINIA\Desktop
Loaded Profile: VIRGINIA (Available profiles: VIRGINIA & Tanya & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dropbox, Inc.) C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\RunOnce: [Uninstall C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-11]
CHR Extension: (Google Docs) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-11]
CHR Extension: (YouTube) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (avast! SafePrice) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-10-11]
CHR Extension: (Google Sheets) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-11]
CHR Extension: (avast! Online Security) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-11]
CHR Extension: (Pin It Button) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
U2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-01] (IBM Corp.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-09-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-01] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-01] (IBM Corp.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 12:45 - 2014-10-19 12:46 - 00020125 _____ () C:\Users\VIRGINIA\Desktop\FRST.txt
2014-10-19 12:45 - 2014-10-19 12:45 - 00000000 ____D () C:\FRST
2014-10-19 12:44 - 2014-10-19 12:44 - 02112512 _____ (Farbar) C:\Users\VIRGINIA\Desktop\FRST64.exe
2014-10-18 21:24 - 2014-10-18 21:24 - 00110538 _____ () C:\Users\VIRGINIA\Desktop\OTL.Txt
2014-10-18 21:10 - 2014-10-18 21:10 - 00066284 _____ () C:\Users\VIRGINIA\Desktop\AutoRuns ms and win excluded.txt
2014-10-18 21:08 - 2014-10-18 21:08 - 00095930 _____ () C:\Users\VIRGINIA\Desktop\AutoRuns.txt
2014-10-18 14:12 - 2014-10-18 14:12 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
2014-10-18 14:12 - 2014-10-18 14:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Pro
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner Pro
2014-10-18 14:10 - 2014-10-18 14:11 - 08305664 _____ (DigitalVolcano Software Ltd) C:\Users\VIRGINIA\Downloads\DuplicateCleaner3_setup.exe
2014-10-18 14:00 - 2014-10-18 14:00 - 00000000 ____D () C:\Program Files (x86)\FMS Empty File Remover
2014-10-18 13:59 - 2014-10-18 13:59 - 00752732 _____ (FileManagerSoft Ltd. ) C:\Users\VIRGINIA\Downloads\EmptyFileRemoverSetup.exe
2014-10-18 13:57 - 2014-10-18 13:57 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Macromedia
2014-10-18 13:37 - 2014-10-18 13:37 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Remove_Empty_Directories
2014-10-18 13:36 - 2014-10-18 13:36 - 00000000 ____D () C:\Program Files (x86)\Remove Empty Directories
2014-10-18 13:35 - 2014-10-18 13:35 - 00404482 _____ (Jonas John ) C:\Users\VIRGINIA\Downloads\red-v2.2-setup.exe
2014-10-18 13:34 - 2014-10-18 13:34 - 00699016 _____ (CNET Download.com) C:\Users\VIRGINIA\Downloads\cbsidlm-cbsi213-Remove_Empty_Directories-SEO-10755867.exe
2014-10-18 13:18 - 2014-10-18 13:18 - 00141616 _____ () C:\Users\VIRGINIA\Downloads\delempty.exe
2014-10-18 13:00 - 2014-10-18 13:01 - 03949064 _____ () C:\empties.bat
2014-10-18 09:25 - 2014-10-18 09:26 - 00000000 ____D () C:\Users\VIRGINIA\Documents\CC Cleaner reg backups
2014-10-18 09:01 - 2014-10-18 09:01 - 00448512 _____ (OldTimer Tools) C:\Users\VIRGINIA\Downloads\TFC.exe
2014-10-18 08:54 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\VIRGINIA\Desktop\autoruns.exe
2014-10-18 08:54 - 2014-09-11 08:57 - 00505536 _____ (Sysinternals - www.sysinternals.com) C:\Users\VIRGINIA\Desktop\autorunsc.exe
2014-10-18 08:54 - 2014-08-05 08:20 - 00049518 _____ () C:\Users\VIRGINIA\Desktop\autoruns.chm
2014-10-18 08:06 - 2014-10-18 08:06 - 00602112 _____ (OldTimer Tools) C:\Users\VIRGINIA\Desktop\OTL.exe
2014-10-16 13:18 - 2014-10-19 12:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:18 - 2014-10-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 13:17 - 2014-10-16 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 13:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-16 13:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-16 10:14 - 2014-10-16 10:14 - 00002871 _____ () C:\Users\VIRGINIA\Downloads\statement.qfx
2014-10-16 09:59 - 2014-10-16 09:59 - 00001073 _____ () C:\Users\VIRGINIA\Downloads\cibc.qfx
2014-10-16 09:53 - 2014-10-16 09:53 - 00001111 _____ () C:\Users\VIRGINIA\Downloads\PCF.qfx
2014-10-16 03:37 - 2014-10-16 03:37 - 00353256 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 03:36 - 2014-10-18 14:02 - 00003574 _____ () C:\windows\PFRO.log
2014-10-15 09:53 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 09:53 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 09:53 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 09:53 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 09:53 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 09:53 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 09:53 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 09:53 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 09:53 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 09:52 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 09:52 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 09:52 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 09:52 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 09:52 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 09:52 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 09:52 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 09:52 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 09:52 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 09:52 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 09:52 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 09:52 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 09:52 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 09:52 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 09:52 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 09:52 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 09:52 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 09:52 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 09:52 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 09:52 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 09:52 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 09:52 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 09:52 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 09:52 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 09:52 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 09:52 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 09:52 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 09:52 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 09:52 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 09:52 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 09:52 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 09:52 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 09:52 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 09:52 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 09:51 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 09:51 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 09:51 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 09:51 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 09:51 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 09:51 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 09:51 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 09:51 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 09:51 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 09:51 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 09:51 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 09:51 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 09:51 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 09:51 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 09:51 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 09:51 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 09:51 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 09:51 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 09:51 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 09:51 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 09:51 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 09:51 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 09:51 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 09:51 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 09:51 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 09:51 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 09:51 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 09:51 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 09:51 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 09:51 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 09:51 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 09:51 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 09:51 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 09:51 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 09:51 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 09:51 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 09:51 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 09:51 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 09:51 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 09:51 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 09:51 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 09:50 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 09:50 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 09:50 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 09:50 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 09:50 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 09:50 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 09:50 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 09:50 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 09:50 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 09:49 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 09:49 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 09:49 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 09:49 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 09:49 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 09:49 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 09:49 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 09:49 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:44 - 2014-10-15 09:44 - 00005598 _____ () C:\Users\VIRGINIA\Downloads\report.qfx
2014-10-14 13:19 - 2014-10-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 10:51 - 2014-10-18 21:00 - 00000336 _____ () C:\windows\setupact.log
2014-10-12 10:51 - 2014-10-12 10:51 - 00000000 _____ () C:\windows\setuperr.log
2014-10-11 21:46 - 2014-10-11 21:46 - 00015351 _____ () C:\Users\VIRGINIA\Documents\grocery comparison.xlsx
2014-10-11 09:07 - 2014-10-11 09:07 - 00076488 _____ () C:\Users\VIRGINIA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-11 08:19 - 2014-10-11 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-11 08:18 - 2014-10-19 12:23 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 08:18 - 2014-10-19 11:54 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 08:18 - 2014-10-11 08:18 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-11 08:18 - 2014-10-11 08:18 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-30 22:50 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 22:50 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 15:37 - 2014-09-30 15:37 - 00086800 _____ () C:\Users\VIRGINIA\Documents\HDMH DI Schedule Nov 2014.xlsx
2014-09-26 17:12 - 2014-10-15 10:00 - 00029122 _____ () C:\Users\VIRGINIA\Documents\Weekly meal planner(2).xlsx
2014-09-23 17:56 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 17:56 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-21 19:00 - 2014-09-21 19:00 - 00015351 _____ () C:\Users\VIRGINIA\Documents\math pages.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 12:35 - 2013-02-15 18:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 12:23 - 2013-12-27 18:23 - 00000304 _____ () C:\windows\Tasks\Digital Sites.job
2014-10-19 11:59 - 2012-06-28 03:15 - 02044641 _____ () C:\windows\WindowsUpdate.log
2014-10-18 21:08 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-18 21:08 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-18 21:02 - 2013-06-04 00:25 - 00000632 __RSH () C:\Users\VIRGINIA\ntuser.pol
2014-10-18 21:02 - 2013-02-13 20:57 - 00000000 ____D () C:\Users\VIRGINIA
2014-10-18 21:01 - 2014-01-09 21:24 - 00000000 ___RD () C:\Users\VIRGINIA\Dropbox
2014-10-18 21:01 - 2014-01-09 21:17 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Dropbox
2014-10-18 21:00 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-18 17:33 - 2013-03-31 20:09 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Software Documentation
2014-10-18 17:33 - 2013-03-31 20:09 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Recipes
2014-10-18 17:33 - 2013-03-31 20:08 - 00000000 ____D () C:\Users\VIRGINIA\Documents\chiro exercises
2014-10-18 14:06 - 2013-04-25 16:44 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-18 14:02 - 2014-08-01 21:49 - 00000000 ____D () C:\Prodigy
2014-10-18 14:02 - 2014-08-01 20:06 - 00000000 __SHD () C:\Users\VIRGINIA\AppData\Local\EmieUserList
2014-10-18 14:02 - 2014-08-01 20:06 - 00000000 __SHD () C:\Users\VIRGINIA\AppData\Local\EmieSiteList
2014-10-18 14:02 - 2014-05-16 17:21 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Efficient To-Do List Free
2014-10-18 14:02 - 2013-12-27 18:25 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Mobogenie
2014-10-18 14:02 - 2013-08-28 01:47 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Audacity
2014-10-18 14:02 - 2013-08-16 12:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-18 14:02 - 2013-04-01 17:35 - 00000000 ____D () C:\Users\Tanya
2014-10-18 14:02 - 2013-03-31 20:30 - 00000000 ____D () C:\Users\Guest
2014-10-18 14:02 - 2009-07-29 01:10 - 00000000 ____D () C:\Users\Administrator
2014-10-18 13:49 - 2014-08-12 18:20 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Scribus
2014-10-18 13:49 - 2014-07-13 13:25 - 00000000 ____D () C:\Users\VIRGINIA\Documents\PAY STUBS
2014-10-18 13:49 - 2013-10-11 09:45 - 00000000 ____D () C:\Users\VIRGINIA\Documents\My PSP Files
2014-10-18 13:49 - 2013-09-09 19:30 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Family Tree Maker
2014-10-18 13:49 - 2013-04-01 19:50 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Aimersoft DVD Creator
2014-10-18 13:49 - 2013-03-12 12:14 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Fax
2014-10-18 13:49 - 2013-02-13 21:34 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Mozilla
2014-10-18 13:48 - 2013-11-28 03:42 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2014-10-18 13:48 - 2013-07-03 12:44 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\calibre
2014-10-18 13:48 - 2013-06-20 20:55 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\HandBrake
2014-10-18 13:48 - 2013-04-20 16:56 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\FlvtoConverter
2014-10-18 13:48 - 2013-02-15 17:48 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\ASUS WebStorage
2014-10-18 13:48 - 2013-02-13 21:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Apple Computer
2014-10-18 13:48 - 2013-02-13 21:22 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Adobe
2014-10-18 13:46 - 2014-08-27 13:50 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Adobe
2014-10-18 13:46 - 2014-02-13 19:48 - 00000000 ____D () C:\Users\VIRGINIA\.gimp-2.8
2014-10-18 13:46 - 2014-01-10 22:01 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Apps\2.0
2014-10-18 13:46 - 2013-12-27 18:25 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\cache
2014-10-18 13:46 - 2013-04-25 16:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Google
2014-10-18 13:46 - 2013-02-13 21:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Apple Computer
2014-10-18 13:44 - 2014-06-15 12:48 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\.minecraft
2014-10-18 13:44 - 2013-12-26 20:16 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\HandBrake
2014-10-18 13:44 - 2013-04-01 18:39 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\Mozilla
2014-10-18 13:44 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\Apple Computer
2014-10-18 13:44 - 2013-03-31 20:30 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-10-18 13:43 - 2012-02-18 03:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-18 13:30 - 2013-02-15 18:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 13:30 - 2013-02-15 18:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 13:30 - 2013-02-15 18:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-18 09:36 - 2013-03-31 20:08 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Craft Projects and Gift Ideas
2014-10-18 09:11 - 2013-08-28 13:30 - 00141824 ___SH () C:\Users\VIRGINIA\Documents\Thumbs.db
2014-10-18 00:34 - 2014-06-05 21:42 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\.minecraft
2014-10-17 00:08 - 2014-08-10 14:25 - 00081826 _____ () C:\Users\VIRGINIA\Documents\Estimated Pay Stubs.xlsx
2014-10-16 13:17 - 2014-01-03 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 09:50 - 2012-06-28 03:24 - 00002826 _____ () C:\windows\system32\AutoRunFilter.ini
2014-10-16 04:33 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-16 03:42 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 03:36 - 2013-12-17 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-16 03:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 03:08 - 2013-07-29 17:07 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 03:00 - 2013-02-17 22:17 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-11 09:04 - 2013-08-28 11:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 08:19 - 2012-02-18 03:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 18:52 - 2013-08-22 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-05 17:38 - 2009-07-14 01:13 - 00876042 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-01 12:42 - 2013-05-21 20:22 - 00534104 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2014-10-01 11:11 - 2014-01-03 15:09 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-23 18:04 - 2013-02-14 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-22 19:45 - 2013-08-28 01:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-22 02:42 - 2013-02-18 22:36 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-20 23:31 - 2014-01-09 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2014-09-20 23:31 - 2014-01-09 20:26 - 00000000 ____D () C:\Program Files (x86)\YNAB 4

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\Public\Minecraft.exe
C:\Users\VIRGINIA\Citrix Online Launcher.exe


Some content of TEMP:
====================
C:\Users\VIRGINIA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7rt764.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:26

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by VIRGINIA at 2014-10-19 12:46:32
Running from C:\Users\VIRGINIA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Creator(Build 2.6.5) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Duplicate Cleaner Pro 3.2.5 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.5 - DigitalVolcano Software Ltd)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Efficient To-Do List Free 3.70 (HKLM-x32\...\Efficient To-Do List Free_is1) (Version:  - Efficient Software)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FMS Empty File Remover 2.9.8 (HKLM-x32\...\{1C363729-80C0-43D6-A975-6C2BC18A5708}_is1) (Version:  - FileManagerSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MainConcept MJPEG Codec (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)
MainConcept MJPEG Codec (x32 Version: 3.02.0004.0000 - MainConcept AG) Hidden
MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plastic Canvas Design Studio 2.0 (HKLM-x32\...\{15B6A87E-1EF2-4AA8-8D62-6462C77B808C}) (Version: 2.00.05 - M&R Technologies, Inc.)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.1.0.48 - Corel Corporation) Hidden
Quicken 2013 (HKLM-x32\...\{0183D8B5-50C7-4A7D-89F8-C5FAB707E615}) (Version: 22.1.2.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Rapport (x32 Version: 3.5.1404.19 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
Sante DICOM Viewer FREE 2.1 (HKLM-x32\...\{86DD1850-8FC6-4907-AE84-DE4BC5CEE725}) (Version: 2.1.9 - Santesoft)
SCARM 0.9.22 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.22 - Milen Peev)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.19 - Trusteer)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 5.10 (32-bit) (x32 Version: 5.10.0 - win.rar GmbH) Hidden
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

05-10-2014 03:32:21 Windows Update
06-10-2014 22:51:17 Installed Rapport
09-10-2014 00:08:23 Windows Update
13-10-2014 00:02:34 Windows Update
16-10-2014 07:00:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0302CFFE-F963-47A0-985F-ED0615AD2A89} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {0FEAF784-3D1C-4C6B-9AF1-AEF38348ADD6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {384081F1-42D1-4FDF-9053-5310EE93782F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {71C15E7E-88F3-4ACC-A766-BCC88EC60748} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {7521411C-794E-481F-A3F4-E3AAFDF65321} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {79EBF54E-2BEB-4D5B-971D-4483EE0D9DEE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {831C67B7-8F4D-46D7-887E-FA5598B16046} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated)
Task: {85335C15-7910-4C33-BEA6-FD4DC2FD0749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {8CE89F77-AB9C-41D6-AAA8-06F7F50BEDBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {B1395307-22AB-4B88-9468-3B39137CB1E7} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {B9CCE87A-2B64-4834-983C-74616900F5DF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {EFD26B1A-CD74-4A20-B88D-7062802CBBC9} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {FFF904A2-4A8B-4B90-A7F2-36319F0F95D6} - System32\Tasks\Digital Sites => C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 13:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-23 18:02 - 2014-09-23 18:02 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-04 21:24 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-04-14 15:41 - 2014-04-14 15:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\windows\SysWOW64\PSIService.exe
2013-03-11 13:46 - 2005-04-22 00:36 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll
2014-07-15 18:34 - 2014-07-15 18:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-18 14:07 - 2014-10-18 14:07 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101801\algo.dll
2014-10-19 11:46 - 2014-10-19 11:46 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101900\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-07-15 18:34 - 2014-07-15 18:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-18 21:01 - 2014-10-18 21:01 - 00043008 _____ () c:\users\virginia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7rt764.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-10-14 13:19 - 2014-10-14 13:19 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B174FAE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06175353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06175353.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^VIRGINIA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Efficient To-Do List Free.lnk => C:\windows\pss\Efficient To-Do List Free.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: EfficientToDoListFree =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EF0DA795C05222B22E21F592E60D47F1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Uninstall C: =>
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-589063879-4051792814-2538650772-500 - Administrator - Disabled)
Guest (S-1-5-21-589063879-4051792814-2538650772-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-589063879-4051792814-2538650772-1010 - Limited - Enabled)
Tanya (S-1-5-21-589063879-4051792814-2538650772-1001 - Limited - Enabled) => C:\Users\Tanya
VIRGINIA (S-1-5-21-589063879-4051792814-2538650772-1000 - Administrator - Enabled) => C:\Users\VIRGINIA

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2014 06:37:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14055


System errors:
=============
Error: (10/18/2014 03:36:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/18/2014 02:08:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (10/18/2014 02:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/18/2014 02:04:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/18/2014 01:23:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/18/2014 01:23:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/18/2014 00:59:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

Error: (10/18/2014 00:58:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

Error: (10/18/2014 00:58:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

Error: (10/18/2014 00:18:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.


Microsoft Office Sessions:
=========================
Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2014 06:37:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14055


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 47%
Total physical RAM: 6048.13 MB
Available physical RAM: 3171.31 MB
Total Pagefile: 12094.43 MB
Available Pagefile: 8682.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:50.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.36 GB) (Free:253.92 GB) NTFS
Drive e: (CTI 2) (CDROM) (Total:0.06 GB) (Free:0 GB) UDF
Drive f: (New Volume) (Fixed) (Total:25 GB) (Free:1.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0ED6495C)
Partition 1: (Not Active) - (Size=25 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=254.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


  • 0

#4
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I forgot to ask. . . how do I tell if I have Windows security essentials or defender running?  I know multiple AV can conflict with eachother.  I have yet to figure out a decent combination of utilities to protect me from my own choices. 


  • 0

#5
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 

how do I tell if I have Windows security essentials or defender running?  I know multiple AV can conflict with eachother.  I have yet to figure out a decent combination of utilities to protect me from my own choices.

 
The true is that you have Avast & Microsoft Security Essentials running both real-time and this is the issue we need to rectify first. Two conflicting AV's are able to render the machine unstable or even unbootable. Please see this snippet from your logfile:
 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

 
Please consider this warning and make up your mind which one will stay. 
 
Please uninstall all but one using the tools you may find in the following link: Uninstallers (removal tools) for common Windows antivirus software.


  • 0

#6
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Ok, I think I got rid of Security Essentials.  It may have been part of the problem, it seems like I tried to remove it at somepoint since it wasn't in add/remove, eset couldn't remove it, manually I couldn't find anything they wanted me to remove, so I ran the MS "fix it" too which seemed to work.

 

Should I remove Windows Defender if I'm running avast?  I'm not sure what AS stands for.

 

What's next?

 

Thanks so much for your time.  This has been frustrating me to no end.

 

I restarted and ran farbar again:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2014
Ran by VIRGINIA at 2014-10-19 17:28:15
Running from C:\Users\VIRGINIA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Creator(Build 2.6.5) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Duplicate Cleaner Pro 3.2.5 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.5 - DigitalVolcano Software Ltd)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Efficient To-Do List Free 3.70 (HKLM-x32\...\Efficient To-Do List Free_is1) (Version:  - Efficient Software)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FMS Empty File Remover 2.9.8 (HKLM-x32\...\{1C363729-80C0-43D6-A975-6C2BC18A5708}_is1) (Version:  - FileManagerSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MainConcept MJPEG Codec (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)
MainConcept MJPEG Codec (x32 Version: 3.02.0004.0000 - MainConcept AG) Hidden
MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plastic Canvas Design Studio 2.0 (HKLM-x32\...\{15B6A87E-1EF2-4AA8-8D62-6462C77B808C}) (Version: 2.00.05 - M&R Technologies, Inc.)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.1.0.48 - Corel Corporation) Hidden
Quicken 2013 (HKLM-x32\...\{0183D8B5-50C7-4A7D-89F8-C5FAB707E615}) (Version: 22.1.2.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Rapport (x32 Version: 3.5.1404.19 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
Sante DICOM Viewer FREE 2.1 (HKLM-x32\...\{86DD1850-8FC6-4907-AE84-DE4BC5CEE725}) (Version: 2.1.9 - Santesoft)
SCARM 0.9.22 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.22 - Milen Peev)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.19 - Trusteer)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 5.10 (32-bit) (x32 Version: 5.10.0 - win.rar GmbH) Hidden
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 07:00:16 Windows Update
19-10-2014 20:34:59 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
19-10-2014 21:05:05 Installed Microsoft Fix it 50535
19-10-2014 21:07:25 Installed Microsoft Fix it 50535

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0302CFFE-F963-47A0-985F-ED0615AD2A89} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {0FEAF784-3D1C-4C6B-9AF1-AEF38348ADD6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {384081F1-42D1-4FDF-9053-5310EE93782F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {71C15E7E-88F3-4ACC-A766-BCC88EC60748} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {7521411C-794E-481F-A3F4-E3AAFDF65321} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {79EBF54E-2BEB-4D5B-971D-4483EE0D9DEE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {831C67B7-8F4D-46D7-887E-FA5598B16046} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated)
Task: {85335C15-7910-4C33-BEA6-FD4DC2FD0749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {8CE89F77-AB9C-41D6-AAA8-06F7F50BEDBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {B1395307-22AB-4B88-9468-3B39137CB1E7} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {B9CCE87A-2B64-4834-983C-74616900F5DF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {EFD26B1A-CD74-4A20-B88D-7062802CBBC9} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {FFF904A2-4A8B-4B90-A7F2-36319F0F95D6} - System32\Tasks\Digital Sites => C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Digital Sites.job => C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 13:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-09-23 18:02 - 2014-09-23 18:02 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-04 21:24 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-04-14 15:41 - 2014-04-14 15:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\windows\SysWOW64\PSIService.exe
2013-03-11 13:46 - 2005-04-22 00:36 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll
2014-07-15 18:34 - 2014-07-15 18:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-19 15:48 - 2014-10-19 15:48 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101901\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-07-15 18:34 - 2014-07-15 18:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-19 16:43 - 2014-10-19 16:43 - 00043008 _____ () c:\users\virginia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpevh65r.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2014-10-14 13:19 - 2014-10-14 13:19 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-18 13:30 - 2014-10-18 13:30 - 16832176 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B174FAE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06175353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06175353.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^VIRGINIA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Efficient To-Do List Free.lnk => C:\windows\pss\Efficient To-Do List Free.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: EfficientToDoListFree =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EF0DA795C05222B22E21F592E60D47F1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Uninstall C: =>
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-589063879-4051792814-2538650772-500 - Administrator - Disabled)
Guest (S-1-5-21-589063879-4051792814-2538650772-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-589063879-4051792814-2538650772-1010 - Limited - Enabled)
Tanya (S-1-5-21-589063879-4051792814-2538650772-1001 - Limited - Enabled) => C:\Users\Tanya
VIRGINIA (S-1-5-21-589063879-4051792814-2538650772-1000 - Administrator - Enabled) => C:\Users\VIRGINIA

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2014 06:37:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14055


System errors:
=============
Error: (10/19/2014 04:42:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:40:47 PM on ‎19/‎10/‎2014 was unexpected.

Error: (10/18/2014 03:36:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/18/2014 02:08:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (10/18/2014 02:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/18/2014 02:04:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/18/2014 01:23:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053

Error: (10/18/2014 01:23:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (10/18/2014 00:59:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

Error: (10/18/2014 00:58:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

Error: (10/18/2014 00:58:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.


Microsoft Office Sessions:
=========================
Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20124

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (10/18/2014 00:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/17/2014 06:37:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14055


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 47%
Total physical RAM: 6048.13 MB
Available physical RAM: 3182.36 MB
Total Pagefile: 12094.43 MB
Available Pagefile: 8823.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:53.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.36 GB) (Free:253.92 GB) NTFS
Drive e: (CTI 2) (CDROM) (Total:0.06 GB) (Free:0 GB) UDF
Drive f: (New Volume) (Fixed) (Total:25 GB) (Free:1.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0ED6495C)
Partition 1: (Not Active) - (Size=25 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=254.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#7
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

I restarted and ran farbar again


Very good, but please post also FRST.txt :)


  • 0

#8
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I ran Chrome (habit), I've switched to Firefox while I figure this out.  It did it's usual freeze/crash thing.  When I went to Task Manager to end the processes there were 5 Chrome.exe *32 (I only had one window/tab open).  I ended the process tree of the first chrome entry and it only closed that instance.  I did the same for the next entry and all 4 remaining Chrome.exe processes disappeared.


  • 0

#9
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Oops, sorry.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2014
Ran by VIRGINIA (administrator) on VIRGINIA-PC on 19-10-2014 17:27:34
Running from C:\Users\VIRGINIA\Desktop
Loaded Profile: VIRGINIA (Available profiles: VIRGINIA & Tanya & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dropbox, Inc.) C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\RunOnce: [Uninstall C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-11]
CHR Extension: (Google Docs) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-11]
CHR Extension: (YouTube) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (avast! SafePrice) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-10-11]
CHR Extension: (Google Sheets) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-11]
CHR Extension: (avast! Online Security) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-11]
CHR Extension: (Pin It Button) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-01] (IBM Corp.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-09-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-01] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-01] (IBM Corp.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 17:06 - 2014-10-19 17:08 - 00001214 _____ () C:\FixitRegBackup.reg
2014-10-19 17:04 - 2014-10-19 17:04 - 00899584 _____ () C:\Users\VIRGINIA\Desktop\MicrosoftFixit50535.msi
2014-10-19 16:38 - 2014-10-19 16:38 - 501611816 _____ () C:\Users\VIRGINIA\Documents\manual reg backup.reg
2014-10-19 16:32 - 2014-10-19 16:32 - 01132704 _____ (ESET spol. s r.o.) C:\Users\VIRGINIA\Desktop\eset_av_remover.exe
2014-10-19 12:46 - 2014-10-19 12:47 - 00039348 _____ () C:\Users\VIRGINIA\Desktop\Addition.txt
2014-10-19 12:45 - 2014-10-19 17:27 - 00019337 _____ () C:\Users\VIRGINIA\Desktop\FRST.txt
2014-10-19 12:45 - 2014-10-19 17:27 - 00000000 ____D () C:\FRST
2014-10-19 12:44 - 2014-10-19 12:44 - 02112512 _____ (Farbar) C:\Users\VIRGINIA\Desktop\FRST64.exe
2014-10-18 21:24 - 2014-10-19 17:23 - 00109060 _____ () C:\Users\VIRGINIA\Desktop\OTL.Txt
2014-10-18 21:10 - 2014-10-18 21:10 - 00066284 _____ () C:\Users\VIRGINIA\Desktop\AutoRuns ms and win excluded.txt
2014-10-18 21:08 - 2014-10-18 21:08 - 00095930 _____ () C:\Users\VIRGINIA\Desktop\AutoRuns.txt
2014-10-18 14:12 - 2014-10-18 14:12 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
2014-10-18 14:12 - 2014-10-18 14:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Pro
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner Pro
2014-10-18 14:10 - 2014-10-18 14:11 - 08305664 _____ (DigitalVolcano Software Ltd) C:\Users\VIRGINIA\Downloads\DuplicateCleaner3_setup.exe
2014-10-18 14:00 - 2014-10-18 14:00 - 00000000 ____D () C:\Program Files (x86)\FMS Empty File Remover
2014-10-18 13:59 - 2014-10-18 13:59 - 00752732 _____ (FileManagerSoft Ltd. ) C:\Users\VIRGINIA\Downloads\EmptyFileRemoverSetup.exe
2014-10-18 13:57 - 2014-10-18 13:57 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Macromedia
2014-10-18 13:37 - 2014-10-18 13:37 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Remove_Empty_Directories
2014-10-18 13:36 - 2014-10-18 13:36 - 00000000 ____D () C:\Program Files (x86)\Remove Empty Directories
2014-10-18 13:35 - 2014-10-18 13:35 - 00404482 _____ (Jonas John ) C:\Users\VIRGINIA\Downloads\red-v2.2-setup.exe
2014-10-18 13:34 - 2014-10-18 13:34 - 00699016 _____ (CNET Download.com) C:\Users\VIRGINIA\Downloads\cbsidlm-cbsi213-Remove_Empty_Directories-SEO-10755867.exe
2014-10-18 13:18 - 2014-10-18 13:18 - 00141616 _____ () C:\Users\VIRGINIA\Downloads\delempty.exe
2014-10-18 13:00 - 2014-10-18 13:01 - 03949064 _____ () C:\empties.bat
2014-10-18 09:25 - 2014-10-18 09:26 - 00000000 ____D () C:\Users\VIRGINIA\Documents\CC Cleaner reg backups
2014-10-18 09:01 - 2014-10-18 09:01 - 00448512 _____ (OldTimer Tools) C:\Users\VIRGINIA\Downloads\TFC.exe
2014-10-18 08:54 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\VIRGINIA\Desktop\autoruns.exe
2014-10-18 08:54 - 2014-09-11 08:57 - 00505536 _____ (Sysinternals - www.sysinternals.com) C:\Users\VIRGINIA\Desktop\autorunsc.exe
2014-10-18 08:54 - 2014-08-05 08:20 - 00049518 _____ () C:\Users\VIRGINIA\Desktop\autoruns.chm
2014-10-18 08:06 - 2014-10-18 08:06 - 00602112 _____ (OldTimer Tools) C:\Users\VIRGINIA\Desktop\OTL.exe
2014-10-16 13:18 - 2014-10-19 16:53 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:18 - 2014-10-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 13:17 - 2014-10-16 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 13:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-16 13:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-16 10:14 - 2014-10-16 10:14 - 00002871 _____ () C:\Users\VIRGINIA\Downloads\statement.qfx
2014-10-16 09:59 - 2014-10-16 09:59 - 00001073 _____ () C:\Users\VIRGINIA\Downloads\cibc.qfx
2014-10-16 09:53 - 2014-10-16 09:53 - 00001111 _____ () C:\Users\VIRGINIA\Downloads\PCF.qfx
2014-10-16 03:37 - 2014-10-16 03:37 - 00353256 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 03:36 - 2014-10-18 14:02 - 00003574 _____ () C:\windows\PFRO.log
2014-10-15 09:53 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 09:53 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 09:53 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 09:53 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 09:53 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 09:53 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 09:53 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 09:53 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 09:53 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 09:52 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 09:52 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 09:52 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 09:52 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 09:52 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 09:52 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 09:52 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 09:52 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 09:52 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 09:52 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 09:52 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 09:52 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 09:52 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 09:52 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 09:52 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 09:52 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 09:52 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 09:52 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 09:52 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 09:52 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 09:52 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 09:52 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 09:52 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 09:52 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 09:52 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 09:52 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 09:52 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 09:52 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 09:52 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 09:52 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 09:52 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 09:52 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 09:52 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 09:52 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 09:51 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 09:51 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 09:51 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 09:51 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 09:51 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 09:51 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 09:51 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 09:51 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 09:51 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 09:51 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 09:51 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 09:51 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 09:51 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 09:51 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 09:51 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 09:51 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 09:51 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 09:51 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 09:51 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 09:51 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 09:51 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 09:51 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 09:51 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 09:51 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 09:51 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 09:51 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 09:51 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 09:51 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 09:51 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 09:51 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 09:51 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 09:51 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 09:51 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 09:51 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 09:51 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 09:51 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 09:51 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 09:51 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 09:51 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 09:51 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 09:51 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 09:50 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 09:50 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 09:50 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 09:50 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 09:50 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 09:50 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 09:50 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 09:50 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 09:50 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 09:49 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 09:49 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 09:49 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 09:49 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 09:49 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 09:49 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 09:49 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 09:49 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:44 - 2014-10-15 09:44 - 00005598 _____ () C:\Users\VIRGINIA\Downloads\report.qfx
2014-10-14 13:19 - 2014-10-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 10:51 - 2014-10-19 16:42 - 00000392 _____ () C:\windows\setupact.log
2014-10-12 10:51 - 2014-10-12 10:51 - 00000000 _____ () C:\windows\setuperr.log
2014-10-11 21:46 - 2014-10-11 21:46 - 00015351 _____ () C:\Users\VIRGINIA\Documents\grocery comparison.xlsx
2014-10-11 09:07 - 2014-10-11 09:07 - 00076488 _____ () C:\Users\VIRGINIA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-11 08:19 - 2014-10-11 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-11 08:18 - 2014-10-19 17:23 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 08:18 - 2014-10-19 16:42 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 08:18 - 2014-10-11 08:18 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-11 08:18 - 2014-10-11 08:18 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-30 22:50 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 22:50 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 15:37 - 2014-09-30 15:37 - 00086800 _____ () C:\Users\VIRGINIA\Documents\HDMH DI Schedule Nov 2014.xlsx
2014-09-26 17:12 - 2014-10-15 10:00 - 00029122 _____ () C:\Users\VIRGINIA\Documents\Weekly meal planner(2).xlsx
2014-09-23 17:56 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 17:56 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-21 19:00 - 2014-09-21 19:00 - 00015351 _____ () C:\Users\VIRGINIA\Documents\math pages.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 17:23 - 2013-12-27 18:23 - 00000304 _____ () C:\windows\Tasks\Digital Sites.job
2014-10-19 16:51 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 16:51 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 16:48 - 2012-06-28 03:15 - 02060247 _____ () C:\windows\WindowsUpdate.log
2014-10-19 16:43 - 2014-01-09 21:24 - 00000000 ___RD () C:\Users\VIRGINIA\Dropbox
2014-10-19 16:43 - 2014-01-09 21:17 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Dropbox
2014-10-19 16:43 - 2013-06-04 00:25 - 00000632 __RSH () C:\Users\VIRGINIA\ntuser.pol
2014-10-19 16:43 - 2013-02-13 20:57 - 00000000 ____D () C:\Users\VIRGINIA
2014-10-19 16:42 - 2012-02-18 03:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-19 16:42 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-19 16:35 - 2013-02-15 18:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 16:33 - 2013-07-29 17:47 - 00001945 _____ () C:\windows\epplauncher.mif
2014-10-19 16:33 - 2013-04-01 17:35 - 00000000 ____D () C:\Users\Tanya
2014-10-19 16:33 - 2013-03-31 20:30 - 00000000 ____D () C:\Users\Guest
2014-10-19 15:05 - 2014-06-05 21:42 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\.minecraft
2014-10-19 14:44 - 2014-08-27 13:50 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Adobe
2014-10-19 14:44 - 2013-02-13 21:22 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Adobe
2014-10-18 17:33 - 2013-03-31 20:09 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Software Documentation
2014-10-18 17:33 - 2013-03-31 20:09 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Recipes
2014-10-18 17:33 - 2013-03-31 20:08 - 00000000 ____D () C:\Users\VIRGINIA\Documents\chiro exercises
2014-10-18 14:06 - 2013-04-25 16:44 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-18 14:02 - 2014-08-01 21:49 - 00000000 ____D () C:\Prodigy
2014-10-18 14:02 - 2014-08-01 20:06 - 00000000 __SHD () C:\Users\VIRGINIA\AppData\Local\EmieUserList
2014-10-18 14:02 - 2014-08-01 20:06 - 00000000 __SHD () C:\Users\VIRGINIA\AppData\Local\EmieSiteList
2014-10-18 14:02 - 2014-05-16 17:21 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Efficient To-Do List Free
2014-10-18 14:02 - 2013-12-27 18:25 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Mobogenie
2014-10-18 14:02 - 2013-08-28 01:47 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Audacity
2014-10-18 14:02 - 2013-08-16 12:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-18 14:02 - 2009-07-29 01:10 - 00000000 ____D () C:\Users\Administrator
2014-10-18 13:49 - 2014-08-12 18:20 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Scribus
2014-10-18 13:49 - 2014-07-13 13:25 - 00000000 ____D () C:\Users\VIRGINIA\Documents\PAY STUBS
2014-10-18 13:49 - 2013-10-11 09:45 - 00000000 ____D () C:\Users\VIRGINIA\Documents\My PSP Files
2014-10-18 13:49 - 2013-09-09 19:30 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Family Tree Maker
2014-10-18 13:49 - 2013-04-01 19:50 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Aimersoft DVD Creator
2014-10-18 13:49 - 2013-03-12 12:14 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Fax
2014-10-18 13:49 - 2013-02-13 21:34 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Mozilla
2014-10-18 13:48 - 2013-11-28 03:42 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2014-10-18 13:48 - 2013-07-03 12:44 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\calibre
2014-10-18 13:48 - 2013-06-20 20:55 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\HandBrake
2014-10-18 13:48 - 2013-04-20 16:56 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\FlvtoConverter
2014-10-18 13:48 - 2013-02-15 17:48 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\ASUS WebStorage
2014-10-18 13:48 - 2013-02-13 21:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Apple Computer
2014-10-18 13:46 - 2014-02-13 19:48 - 00000000 ____D () C:\Users\VIRGINIA\.gimp-2.8
2014-10-18 13:46 - 2014-01-10 22:01 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Apps\2.0
2014-10-18 13:46 - 2013-12-27 18:25 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\cache
2014-10-18 13:46 - 2013-04-25 16:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Google
2014-10-18 13:46 - 2013-02-13 21:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Apple Computer
2014-10-18 13:44 - 2014-06-15 12:48 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\.minecraft
2014-10-18 13:44 - 2013-12-26 20:16 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\HandBrake
2014-10-18 13:44 - 2013-04-01 18:39 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\Mozilla
2014-10-18 13:44 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\Apple Computer
2014-10-18 13:44 - 2013-03-31 20:30 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-10-18 13:30 - 2013-02-15 18:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 13:30 - 2013-02-15 18:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 13:30 - 2013-02-15 18:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-18 09:36 - 2013-03-31 20:08 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Craft Projects and Gift Ideas
2014-10-18 09:11 - 2013-08-28 13:30 - 00141824 ___SH () C:\Users\VIRGINIA\Documents\Thumbs.db
2014-10-17 00:08 - 2014-08-10 14:25 - 00081826 _____ () C:\Users\VIRGINIA\Documents\Estimated Pay Stubs.xlsx
2014-10-16 13:17 - 2014-01-03 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 09:50 - 2012-06-28 03:24 - 00002826 _____ () C:\windows\system32\AutoRunFilter.ini
2014-10-16 04:33 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-16 03:42 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 03:36 - 2013-12-17 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-16 03:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 03:08 - 2013-07-29 17:07 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 03:00 - 2013-02-17 22:17 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-11 09:04 - 2013-08-28 11:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 08:19 - 2012-02-18 03:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 18:52 - 2013-08-22 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-05 17:38 - 2009-07-14 01:13 - 00876042 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-01 12:42 - 2013-05-21 20:22 - 00534104 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2014-10-01 11:11 - 2014-01-03 15:09 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-23 18:04 - 2013-02-14 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-22 19:45 - 2013-08-28 01:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-22 02:42 - 2013-02-18 22:36 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-20 23:31 - 2014-01-09 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2014-09-20 23:31 - 2014-01-09 20:26 - 00000000 ____D () C:\Program Files (x86)\YNAB 4

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\Public\Minecraft.exe
C:\Users\VIRGINIA\Citrix Online Launcher.exe


Some content of TEMP:
====================
C:\Users\VIRGINIA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpevh65r.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:26

==================== End Of Log ============================


  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, let's party! :)



RogueKiller.png Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on RogueKiller.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.



aswMBR.png Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • Click the AV Scan: drop down box and select C:\.
  • Select scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile ans paste in into your next reply.
Do not forget to re-enable your previously switched-off protection software!
 


  • 0

Advertisements


#11
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

aswMBR has crashed twice now at the 1.5 hour mark.  I did notice that there is a mobogenie folder. I thought I remember trying to get rid of that at some point.  I know the name mobogenie for some reason.

 

Here is the Rogue Killer report

 

RogueKiller V10.0.2.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : VIRGINIA [Administrator]
Mode : Scan -- Date : 10/19/2014  18:15:23

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7353270B-DCFC-4977-99A8-22157870CB28} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7353270B-DCFC-4977-99A8-22157870CB28} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7353270B-DCFC-4977-99A8-22157870CB28} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] Digital Sites.job -- C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
[Suspicious.Path] \\Digital Sites -- C:\Users\VIRGINIA\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 67 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_DevNode_Status : C:\windows\system32\CFGMGR32.dll @ 0x7fefd1130c0
[IAT:Addr] (explorer.exe @ POWRPROF.dll) SETUPAPI.dll - CM_Get_Device_IDW : C:\windows\system32\CFGMGR32.dll @ 0x7fefd114034
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\system32\VERSION.dll @ 0x7fefbf715e0
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\system32\VERSION.dll @ 0x7fefbf714e8
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\system32\VERSION.dll @ 0x7fefbf7193c
[IAT:Addr] (explorer.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\windows\system32\VERSION.dll @ 0x7fefbf71b94
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\system32\VERSION.dll @ 0x7fefbf715e0
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\system32\VERSION.dll @ 0x7fefbf7193c
[IAT:Addr] (explorer.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\system32\VERSION.dll @ 0x7fefbf714e8
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\windows\system32\ole32.dll @ 0x7fefee00680
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\windows\system32\ole32.dll @ 0x7fefedf9370
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\windows\system32\ole32.dll @ 0x7fefee22e18
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\windows\system32\ole32.dll @ 0x7fefee17490
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\windows\system32\ole32.dll @ 0x7fefee12a30
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\windows\system32\ole32.dll @ 0x7fefee1ea20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\windows\system32\ole32.dll @ 0x7fefee2bf00
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\windows\system32\ole32.dll @ 0x7fefee03e90
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\windows\system32\ole32.dll @ 0x7fefedf8284
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\windows\system32\ole32.dll @ 0x7fefedfd9d0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\windows\system32\ole32.dll @ 0x7fefee1ef20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\windows\system32\ole32.dll @ 0x7fefee1f1ac
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\windows\system32\ole32.dll @ 0x7fefee13560
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\windows\system32\ole32.dll @ 0x7fefee09980
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\windows\system32\ole32.dll @ 0x7fefef19440
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\windows\system32\ole32.dll @ 0x7fefee18e70
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\windows\system32\ole32.dll @ 0x7fefee18e20
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\windows\system32\ole32.dll @ 0x7fefee11314
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\system32\VERSION.dll @ 0x7fefbf7193c
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\system32\VERSION.dll @ 0x7fefbf715e0
[IAT:Addr] (explorer.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\system32\VERSION.dll @ 0x7fefbf714e8
[IAT:Addr] (explorer.exe @ acppage.dll) sfc.dll - SfcIsFileProtected : C:\windows\system32\sfc_os.DLL @ 0x7fef4a916f0
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\system32\VERSION.dll @ 0x7fefbf714e8
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\system32\VERSION.dll @ 0x7fefbf7193c
[IAT:Addr] (explorer.exe @ ieframe.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\system32\VERSION.dll @ 0x7fefbf715e0
[IAT:Addr] (firefox.exe @ xul.dll) NETAPI32.dll - NetApiBufferFree : C:\windows\SysWOW64\netutils.dll @ 0x6f3f13d2
[IAT:Addr] (firefox.exe @ xul.dll) NETAPI32.dll - NetUserGetInfo : C:\windows\SysWOW64\SAMCLI.DLL @ 0x6f3b1be2
[IAT:Addr] (firefox.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\SysWOW64\VERSION.dll @ 0x745518e9
[IAT:Addr] (firefox.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueA : C:\windows\SysWOW64\VERSION.dll @ 0x74551b72
[IAT:Addr] (firefox.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\SysWOW64\VERSION.dll @ 0x74551a15
[IAT:Addr] (firefox.exe @ WININET.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\SysWOW64\VERSION.dll @ 0x74551b51
[IAT:Addr] (firefox.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\SysWOW64\VERSION.dll @ 0x74551b51
[IAT:Addr] (firefox.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\SysWOW64\VERSION.dll @ 0x74551a15
[IAT:Addr] (firefox.exe @ iertutil.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\SysWOW64\VERSION.dll @ 0x745518e9
[IAT:Addr] (firefox.exe @ ieframe.DLL) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\SysWOW64\VERSION.dll @ 0x745518e9
[IAT:Addr] (firefox.exe @ ieframe.DLL) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\SysWOW64\VERSION.dll @ 0x74551a15
[IAT:Addr] (firefox.exe @ ieframe.DLL) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\SysWOW64\VERSION.dll @ 0x74551b51
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromString : C:\windows\syswow64\ole32.dll @ 0x7589e599
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUnmarshalInterface : C:\windows\syswow64\ole32.dll @ 0x758af150
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetClassObject : C:\windows\syswow64\ole32.dll @ 0x758b54ad
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateInstance : C:\windows\syswow64\ole32.dll @ 0x758c9d0b
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoSetProxyBlanket : C:\windows\syswow64\ole32.dll @ 0x75895ea5
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromCLSID : C:\windows\syswow64\ole32.dll @ 0x7589eb17
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoCreateGuid : C:\windows\syswow64\ole32.dll @ 0x758c15d5
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetTreatAsClass : C:\windows\syswow64\ole32.dll @ 0x758aa72f
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoGetMarshalSizeMax : C:\windows\syswow64\ole32.dll @ 0x758af1eb
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoMarshalInterface : C:\windows\syswow64\ole32.dll @ 0x758aef03
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - StringFromGUID2 : C:\windows\syswow64\ole32.dll @ 0x758c22ec
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - FreePropVariantArray : C:\windows\syswow64\ole32.dll @ 0x75892d6d
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoInitializeEx : C:\windows\syswow64\ole32.dll @ 0x758c09ad
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoFreeUnusedLibraries : C:\windows\syswow64\ole32.dll @ 0x75910cc2
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemAlloc : C:\windows\syswow64\ole32.dll @ 0x758cea4c
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoTaskMemFree : C:\windows\syswow64\ole32.dll @ 0x758d6f41
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CLSIDFromProgID : C:\windows\syswow64\ole32.dll @ 0x758a503c
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-ole32-l1-1-0.dll - CoUninitialize : C:\windows\syswow64\ole32.dll @ 0x758c86d3
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoExW : C:\windows\SysWOW64\VERSION.dll @ 0x74551a15
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - VerQueryValueW : C:\windows\SysWOW64\VERSION.dll @ 0x74551b51
[IAT:Addr] (firefox.exe @ urlmon.dll) api-ms-win-downlevel-version-l1-1-0.dll - GetFileVersionInfoSizeExW : C:\windows\SysWOW64\VERSION.dll @ 0x745518e9

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] adb8df4442b0718164b7703fa0458dc6
[BSP] cbc6313c38c25ed71d780702e668ddf5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 52430848 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 52635648 | Size: 190776 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 443344896 | Size: 260463 MB
User = LL1 ... OK
User = LL2 ... OK
 


  • 0

#12
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
 
Mobogenie is one of the things we will have to remove. But I suspect there may be something heavier here and I'd like to know about it prior to removing some minor junk.



51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
icon_idea.gif Don't forget to re-enable your previously switched-off protection software!


  • 0

#13
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I'm off to work.  I likely won't get back to this until about 1800 eastern.

 

Here's the log file:

 

ComboFix 14-10-20.01 - VIRGINIA 20/10/2014   7:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6048.3272 [GMT -4:00]
Running from: c:\users\VIRGINIA\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Minecraft.exe
c:\users\VIRGINIA\Citrix Online Launcher.exe
c:\users\VIRGINIA\Documents\~WRL0272.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-20 to 2014-10-20  )))))))))))))))))))))))))))))))
.
.
2014-10-20 11:33 . 2014-10-20 11:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-20 01:57 . 2014-09-15 06:08    11578928    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{100FCD09-AA15-475F-A4F0-AB2D7EF9D56F}\mpengine.dll
2014-10-19 23:57 . 2014-10-20 08:19    --------    d-----w-    c:\users\VIRGINIA\AppData\Local\CrashDumps
2014-10-19 22:07 . 2014-10-19 22:07    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-19 22:07 . 2014-10-19 22:07    --------    d-----w-    c:\programdata\RogueKiller
2014-10-19 21:06 . 2014-10-19 21:08    1214    ----a-w-    C:\FixitRegBackup.reg
2014-10-19 16:45 . 2014-10-19 22:05    --------    d-----w-    C:\FRST
2014-10-18 18:12 . 2014-10-18 18:12    --------    d-----w-    c:\users\VIRGINIA\AppData\Roaming\IsolatedStorage
2014-10-18 18:12 . 2014-10-18 18:12    --------    d-----w-    c:\programdata\IsolatedStorage
2014-10-18 18:11 . 2014-10-18 18:11    --------    d-----w-    c:\users\VIRGINIA\AppData\Roaming\DigitalVolcano
2014-10-18 18:11 . 2014-10-18 18:11    --------    d-----w-    c:\program files (x86)\Duplicate Cleaner Pro
2014-10-18 18:00 . 2014-10-18 18:00    --------    d-----w-    c:\program files (x86)\FMS Empty File Remover
2014-10-18 17:59 . 2014-10-18 17:59    --------    d-----w-    c:\users\VIRGINIA\AppData\Local\Programs
2014-10-18 17:57 . 2014-10-18 17:57    --------    d-----w-    c:\users\VIRGINIA\AppData\Local\Macromedia
2014-10-18 17:37 . 2014-10-18 17:37    --------    d-----w-    c:\users\VIRGINIA\AppData\Local\Remove_Empty_Directories
2014-10-18 17:36 . 2014-10-18 17:36    --------    d-----w-    c:\program files (x86)\Remove Empty Directories
2014-10-18 17:00 . 2014-10-18 17:01    3949064    ----a-w-    C:\empties.bat
2014-10-16 17:18 . 2014-10-20 11:04    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-16 17:17 . 2014-10-01 15:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-16 17:17 . 2014-10-01 15:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-16 17:17 . 2014-10-16 17:17    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-15 13:52 . 2014-07-07 02:06    325632    ----a-w-    c:\windows\system32\msnetobj.dll
2014-10-15 13:51 . 2014-10-07 02:04    812736    ----a-w-    c:\program files (x86)\Internet Explorer\iexplore.exe
2014-10-15 13:50 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-15 13:50 . 2014-09-18 01:32    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-15 13:50 . 2014-08-29 02:07    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2014-10-15 13:50 . 2014-08-29 01:44    37376    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2014-10-15 13:50 . 2014-08-29 01:44    269312    ----a-w-    c:\windows\SysWow64\aaclient.dll
2014-10-15 13:50 . 2014-08-29 01:44    1050112    ----a-w-    c:\windows\SysWow64\mstsc.exe
2014-10-15 13:50 . 2014-08-29 02:07    322560    ----a-w-    c:\windows\system32\aaclient.dll
2014-10-15 13:50 . 2014-08-29 02:06    1125888    ----a-w-    c:\windows\system32\mstsc.exe
2014-10-15 13:50 . 2014-08-29 01:44    4922368    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-10-15 13:50 . 2014-08-29 02:07    5780480    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-15 13:50 . 2014-08-29 02:07    3179520    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-10-15 13:50 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-15 13:50 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-10-01 02:50 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 02:50 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-23 21:56 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-23 21:56 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-18 17:30 . 2013-02-15 22:59    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-18 17:30 . 2013-02-15 22:59    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 07:00 . 2013-02-18 02:17    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-01 16:42 . 2013-05-22 00:22    534104    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2014-10-01 15:11 . 2014-01-03 19:09    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-23 22:00 . 2013-02-14 22:31    590536    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-15 13:06 . 2013-02-19 02:36    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-08-23 02:07 . 2014-08-29 01:56    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 01:56    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-16 20:26 . 2012-07-17 18:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-12 22:51 . 2014-08-12 22:55    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 11:53 . 2014-09-09 23:07    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-09 23:07    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 06:35 . 2014-07-25 06:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47 . 2014-07-25 03:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-20 15:32    223432    ----a-w-    c:\users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-20 15:32    223432    ----a-w-    c:\users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-20 15:32    223432    ----a-w-    c:\users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
"GoogleChromeAutoLaunch_EF0DA795C05222B22E21F592E60D47F1"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-01 854344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
c:\users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys;c:\windows\SYSNATIVE\DRIVERS\tclondrv.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 RapportCerberus_80055;RapportCerberus_80055;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-11 12:19    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 17:30]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11 12:17]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11 12:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-20 15:32    262344    ----a-w-    c:\users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-20 15:32    262344    ----a-w-    c:\users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-20 15:32    262344    ----a-w-    c:\users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-23 22:03    2334416    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-23 22:03    2334416    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-23 22:03    2334416    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-15 22:34    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09    227840    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-03 392472]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2014-04-01 892608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: prodigygame.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-06175353.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-20  07:41:00
ComboFix-quarantined-files.txt  2014-10-20 11:40
.
Pre-Run: 65,832,525,824 bytes free
Post-Run: 65,186,467,840 bytes free
.
- - End Of File - - C1D2167E8222D50D86536A0012FF9F6E
 


  • 0

#14
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
You caught me during my lunch break (almost 2.00 PM here). Have a nice day, when you return please re-run FRST as instructed below.



FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#15
pingu632

pingu632

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014 01
Ran by VIRGINIA (administrator) on VIRGINIA-PC on 20-10-2014 18:16:50
Running from C:\Users\VIRGINIA\Desktop
Loaded Profile: VIRGINIA (Available profiles: VIRGINIA & Tanya & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PSIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Run: [GoogleChromeAutoLaunch_EF0DA795C05222B22E21F592E60D47F1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-589063879-4051792814-2538650772-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicyUsers\S-1-5-21-589063879-4051792814-2538650772-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default
FF Homepage: https://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\VIRGINIA\AppData\Roaming\Mozilla\Firefox\Profiles\mx9mchdw.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-25]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR Profile: C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-11]
CHR Extension: (Google Docs) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-11]
CHR Extension: (Google Drive) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-11]
CHR Extension: (YouTube) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-11]
CHR Extension: (Google Search) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-11]
CHR Extension: (avast! SafePrice) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-10-11]
CHR Extension: (Google Sheets) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-11]
CHR Extension: (avast! Online Security) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-11]
CHR Extension: (Pin It Button) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-11]
CHR Extension: (Gmail) - C:\Users\VIRGINIA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-16] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 ProtexisLicensing; C:\windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-01] (IBM Corp.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-09-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-01] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-01] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-01] (IBM Corp.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 18:05 - 2014-10-20 18:05 - 00000000 ____D () C:\Users\VIRGINIA\Desktop\FRST-OlderVersion
2014-10-20 07:41 - 2014-10-20 07:41 - 00029449 _____ () C:\Users\VIRGINIA\Desktop\ComboFix.txt
2014-10-20 07:11 - 2014-10-20 07:41 - 00000000 ____D () C:\Qoobox
2014-10-20 07:11 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-10-20 07:11 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-10-20 07:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-10-20 07:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-10-20 07:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-10-20 07:11 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-10-20 07:11 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-10-20 07:11 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-10-20 07:10 - 2014-10-20 07:35 - 00000000 ____D () C:\windows\erdnt
2014-10-20 07:08 - 2014-10-20 07:08 - 05583433 ____R (Swearware) C:\Users\VIRGINIA\Desktop\ComboFix.exe
2014-10-19 19:57 - 2014-10-20 04:19 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\CrashDumps
2014-10-19 18:31 - 2014-10-19 18:31 - 05185536 _____ (AVAST Software) C:\Users\VIRGINIA\Desktop\aswMBR.exe
2014-10-19 18:30 - 2014-10-19 18:30 - 00012739 _____ () C:\Users\VIRGINIA\Desktop\RKreport_SCN_10192014_181523.log
2014-10-19 18:07 - 2014-10-19 18:07 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-19 18:07 - 2014-10-19 18:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-19 18:06 - 2014-10-19 18:06 - 18550872 _____ () C:\Users\VIRGINIA\Desktop\RogueKillerX64.exe
2014-10-19 17:06 - 2014-10-19 17:08 - 00001214 _____ () C:\FixitRegBackup.reg
2014-10-19 17:04 - 2014-10-19 17:04 - 00899584 _____ () C:\Users\VIRGINIA\Desktop\MicrosoftFixit50535.msi
2014-10-19 16:38 - 2014-10-19 16:38 - 501611816 _____ () C:\Users\VIRGINIA\Documents\manual reg backup.reg
2014-10-19 16:32 - 2014-10-19 16:32 - 01132704 _____ (ESET spol. s r.o.) C:\Users\VIRGINIA\Desktop\eset_av_remover.exe
2014-10-19 12:46 - 2014-10-20 18:07 - 00041085 _____ () C:\Users\VIRGINIA\Desktop\Addition.txt
2014-10-19 12:45 - 2014-10-20 18:17 - 00019460 _____ () C:\Users\VIRGINIA\Desktop\FRST.txt
2014-10-19 12:45 - 2014-10-20 18:16 - 00000000 ____D () C:\FRST
2014-10-19 12:44 - 2014-10-20 18:05 - 02110976 _____ (Farbar) C:\Users\VIRGINIA\Desktop\FRST64.exe
2014-10-18 21:24 - 2014-10-19 17:23 - 00109060 _____ () C:\Users\VIRGINIA\Desktop\OTL.Txt
2014-10-18 21:10 - 2014-10-18 21:10 - 00066284 _____ () C:\Users\VIRGINIA\Desktop\AutoRuns ms and win excluded.txt
2014-10-18 21:08 - 2014-10-18 21:08 - 00095930 _____ () C:\Users\VIRGINIA\Desktop\AutoRuns.txt
2014-10-18 14:12 - 2014-10-18 14:12 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\IsolatedStorage
2014-10-18 14:12 - 2014-10-18 14:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Pro
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\DigitalVolcano
2014-10-18 14:11 - 2014-10-18 14:11 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner Pro
2014-10-18 14:10 - 2014-10-18 14:11 - 08305664 _____ (DigitalVolcano Software Ltd) C:\Users\VIRGINIA\Downloads\DuplicateCleaner3_setup.exe
2014-10-18 14:00 - 2014-10-18 14:00 - 00000000 ____D () C:\Program Files (x86)\FMS Empty File Remover
2014-10-18 13:59 - 2014-10-18 13:59 - 00752732 _____ (FileManagerSoft Ltd. ) C:\Users\VIRGINIA\Downloads\EmptyFileRemoverSetup.exe
2014-10-18 13:57 - 2014-10-18 13:57 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Macromedia
2014-10-18 13:37 - 2014-10-18 13:37 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Remove_Empty_Directories
2014-10-18 13:36 - 2014-10-18 13:36 - 00000000 ____D () C:\Program Files (x86)\Remove Empty Directories
2014-10-18 13:35 - 2014-10-18 13:35 - 00404482 _____ (Jonas John ) C:\Users\VIRGINIA\Downloads\red-v2.2-setup.exe
2014-10-18 13:34 - 2014-10-18 13:34 - 00699016 _____ (CNET Download.com) C:\Users\VIRGINIA\Downloads\cbsidlm-cbsi213-Remove_Empty_Directories-SEO-10755867.exe
2014-10-18 13:18 - 2014-10-18 13:18 - 00141616 _____ () C:\Users\VIRGINIA\Downloads\delempty.exe
2014-10-18 13:00 - 2014-10-18 13:01 - 03949064 _____ () C:\empties.bat
2014-10-18 09:25 - 2014-10-18 09:26 - 00000000 ____D () C:\Users\VIRGINIA\Documents\CC Cleaner reg backups
2014-10-18 09:01 - 2014-10-18 09:01 - 00448512 _____ (OldTimer Tools) C:\Users\VIRGINIA\Downloads\TFC.exe
2014-10-18 08:54 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\VIRGINIA\Desktop\autoruns.exe
2014-10-18 08:54 - 2014-09-11 08:57 - 00505536 _____ (Sysinternals - www.sysinternals.com) C:\Users\VIRGINIA\Desktop\autorunsc.exe
2014-10-18 08:54 - 2014-08-05 08:20 - 00049518 _____ () C:\Users\VIRGINIA\Desktop\autoruns.chm
2014-10-18 08:06 - 2014-10-18 08:06 - 00602112 _____ (OldTimer Tools) C:\Users\VIRGINIA\Desktop\OTL.exe
2014-10-16 13:18 - 2014-10-20 18:04 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:18 - 2014-10-16 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 13:17 - 2014-10-16 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 13:17 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-16 13:17 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-16 10:14 - 2014-10-16 10:14 - 00002871 _____ () C:\Users\VIRGINIA\Downloads\statement.qfx
2014-10-16 09:59 - 2014-10-16 09:59 - 00001073 _____ () C:\Users\VIRGINIA\Downloads\cibc.qfx
2014-10-16 09:53 - 2014-10-16 09:53 - 00001111 _____ () C:\Users\VIRGINIA\Downloads\PCF.qfx
2014-10-16 03:37 - 2014-10-16 03:37 - 00353256 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 03:36 - 2014-10-20 17:42 - 00004132 _____ () C:\windows\PFRO.log
2014-10-15 09:53 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 09:53 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 09:53 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 09:53 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 09:53 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 09:53 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 09:53 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 09:53 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-15 09:53 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2014-10-15 09:53 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-15 09:53 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-10-15 09:53 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-10-15 09:53 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-15 09:53 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 09:52 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 09:52 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 09:52 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 09:52 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 09:52 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 09:52 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 09:52 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 09:52 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 09:52 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 09:52 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 09:52 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 09:52 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 09:52 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 09:52 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 09:52 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 09:52 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 09:52 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 09:52 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 09:52 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 09:52 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 09:52 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 09:52 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 09:52 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 09:52 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 09:52 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 09:52 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 09:52 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 09:52 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 09:52 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 09:52 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-10-15 09:52 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-15 09:52 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-15 09:52 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-15 09:52 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-15 09:52 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-15 09:52 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-15 09:52 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-15 09:51 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 09:51 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 09:51 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 09:51 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 09:51 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 09:51 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 09:51 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 09:51 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 09:51 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 09:51 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 09:51 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 09:51 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 09:51 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 09:51 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 09:51 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 09:51 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 09:51 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 09:51 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 09:51 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 09:51 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 09:51 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 09:51 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 09:51 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 09:51 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 09:51 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 09:51 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 09:51 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 09:51 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 09:51 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 09:51 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 09:51 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 09:51 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 09:51 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 09:51 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 09:51 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 09:51 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 09:51 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 09:51 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 09:51 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 09:51 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 09:51 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 09:50 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 09:50 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 09:50 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 09:50 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 09:50 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 09:50 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 09:50 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 09:50 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 09:50 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 09:50 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 09:49 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 09:49 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 09:49 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 09:49 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 09:49 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 09:49 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 09:49 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 09:49 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 09:49 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:44 - 2014-10-15 09:44 - 00005598 _____ () C:\Users\VIRGINIA\Downloads\report.qfx
2014-10-14 13:19 - 2014-10-14 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 10:51 - 2014-10-20 17:42 - 00000504 _____ () C:\windows\setupact.log
2014-10-12 10:51 - 2014-10-12 10:51 - 00000000 _____ () C:\windows\setuperr.log
2014-10-11 21:46 - 2014-10-11 21:46 - 00015351 _____ () C:\Users\VIRGINIA\Documents\grocery comparison.xlsx
2014-10-11 09:07 - 2014-10-11 09:07 - 00076488 _____ () C:\Users\VIRGINIA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-11 08:19 - 2014-10-11 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-11 08:18 - 2014-10-20 18:04 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 08:18 - 2014-10-20 17:41 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 08:18 - 2014-10-11 08:18 - 00003898 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-11 08:18 - 2014-10-11 08:18 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-08 20:09 - 2014-10-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-30 22:50 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 22:50 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-30 15:37 - 2014-09-30 15:37 - 00086800 _____ () C:\Users\VIRGINIA\Documents\HDMH DI Schedule Nov 2014.xlsx
2014-09-26 17:12 - 2014-10-15 10:00 - 00029122 _____ () C:\Users\VIRGINIA\Documents\Weekly meal planner(2).xlsx
2014-09-23 17:56 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-23 17:56 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-21 19:00 - 2014-09-21 19:00 - 00015351 _____ () C:\Users\VIRGINIA\Documents\math pages.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-20 18:04 - 2014-01-09 21:24 - 00000000 ___RD () C:\Users\VIRGINIA\Dropbox
2014-10-20 18:04 - 2014-01-09 21:17 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Dropbox
2014-10-20 18:04 - 2013-06-04 00:25 - 00000632 __RSH () C:\Users\VIRGINIA\ntuser.pol
2014-10-20 18:04 - 2013-02-13 20:57 - 00000000 ____D () C:\Users\VIRGINIA
2014-10-20 17:51 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 17:51 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 17:50 - 2012-06-28 03:15 - 01082913 _____ () C:\windows\WindowsUpdate.log
2014-10-20 17:42 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-20 17:41 - 2013-02-15 18:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 07:41 - 2009-07-29 01:10 - 00000000 ____D () C:\Users\Administrator
2014-10-20 07:33 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini
2014-10-19 17:54 - 2014-06-20 02:29 - 00007597 _____ () C:\Users\VIRGINIA\AppData\Local\Resmon.ResmonCfg
2014-10-19 16:42 - 2012-02-18 03:36 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-19 16:33 - 2013-07-29 17:47 - 00001945 _____ () C:\windows\epplauncher.mif
2014-10-19 16:33 - 2013-04-01 17:35 - 00000000 ____D () C:\Users\Tanya
2014-10-19 16:33 - 2013-03-31 20:30 - 00000000 ____D () C:\Users\Guest
2014-10-19 15:05 - 2014-06-05 21:42 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\.minecraft
2014-10-19 14:44 - 2014-08-27 13:50 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Adobe
2014-10-19 14:44 - 2013-02-13 21:22 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Adobe
2014-10-18 17:33 - 2013-03-31 20:09 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Software Documentation
2014-10-18 17:33 - 2013-03-31 20:09 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Recipes
2014-10-18 17:33 - 2013-03-31 20:08 - 00000000 ____D () C:\Users\VIRGINIA\Documents\chiro exercises
2014-10-18 14:06 - 2013-04-25 16:44 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-18 14:02 - 2014-08-01 21:49 - 00000000 ____D () C:\Prodigy
2014-10-18 14:02 - 2014-08-01 20:06 - 00000000 __SHD () C:\Users\VIRGINIA\AppData\Local\EmieUserList
2014-10-18 14:02 - 2014-08-01 20:06 - 00000000 __SHD () C:\Users\VIRGINIA\AppData\Local\EmieSiteList
2014-10-18 14:02 - 2014-05-16 17:21 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Efficient To-Do List Free
2014-10-18 14:02 - 2013-12-27 18:25 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Mobogenie
2014-10-18 14:02 - 2013-08-28 01:47 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Audacity
2014-10-18 14:02 - 2013-08-16 12:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-18 13:49 - 2014-08-12 18:20 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Scribus
2014-10-18 13:49 - 2014-07-13 13:25 - 00000000 ____D () C:\Users\VIRGINIA\Documents\PAY STUBS
2014-10-18 13:49 - 2013-10-11 09:45 - 00000000 ____D () C:\Users\VIRGINIA\Documents\My PSP Files
2014-10-18 13:49 - 2013-09-09 19:30 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Family Tree Maker
2014-10-18 13:49 - 2013-04-01 19:50 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Aimersoft DVD Creator
2014-10-18 13:49 - 2013-03-12 12:14 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Fax
2014-10-18 13:49 - 2013-02-13 21:34 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Mozilla
2014-10-18 13:48 - 2013-11-28 03:42 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2014-10-18 13:48 - 2013-07-03 12:44 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\calibre
2014-10-18 13:48 - 2013-06-20 20:55 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\HandBrake
2014-10-18 13:48 - 2013-04-20 16:56 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\FlvtoConverter
2014-10-18 13:48 - 2013-02-15 17:48 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\ASUS WebStorage
2014-10-18 13:48 - 2013-02-13 21:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Roaming\Apple Computer
2014-10-18 13:46 - 2014-02-13 19:48 - 00000000 ____D () C:\Users\VIRGINIA\.gimp-2.8
2014-10-18 13:46 - 2014-01-10 22:01 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Apps\2.0
2014-10-18 13:46 - 2013-12-27 18:25 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\cache
2014-10-18 13:46 - 2013-04-25 16:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Google
2014-10-18 13:46 - 2013-02-13 21:45 - 00000000 ____D () C:\Users\VIRGINIA\AppData\Local\Apple Computer
2014-10-18 13:44 - 2014-06-15 12:48 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\.minecraft
2014-10-18 13:44 - 2013-12-26 20:16 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\HandBrake
2014-10-18 13:44 - 2013-04-01 18:39 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\Mozilla
2014-10-18 13:44 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\Tanya\AppData\Roaming\Apple Computer
2014-10-18 13:44 - 2013-03-31 20:30 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-10-18 13:30 - 2013-02-15 18:59 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-18 13:30 - 2013-02-15 18:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-18 13:30 - 2013-02-15 18:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-18 09:36 - 2013-03-31 20:08 - 00000000 ____D () C:\Users\VIRGINIA\Documents\Craft Projects and Gift Ideas
2014-10-18 09:11 - 2013-08-28 13:30 - 00141824 ___SH () C:\Users\VIRGINIA\Documents\Thumbs.db
2014-10-17 00:08 - 2014-08-10 14:25 - 00081826 _____ () C:\Users\VIRGINIA\Documents\Estimated Pay Stubs.xlsx
2014-10-16 13:17 - 2014-01-03 15:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 09:50 - 2012-06-28 03:24 - 00002826 _____ () C:\windows\system32\AutoRunFilter.ini
2014-10-16 04:33 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-16 03:42 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 03:36 - 2013-12-17 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-16 03:34 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-16 03:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 03:08 - 2013-07-29 17:07 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 03:00 - 2013-02-17 22:17 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-11 09:04 - 2013-08-28 11:46 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-11 08:19 - 2012-02-18 03:37 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 18:52 - 2013-08-22 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-05 17:38 - 2009-07-14 01:13 - 00876042 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-01 12:42 - 2013-05-21 20:22 - 00534104 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKE64.sys
2014-10-01 11:11 - 2014-01-03 15:09 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-23 18:04 - 2013-02-14 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-22 19:45 - 2013-08-28 01:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-20 23:31 - 2014-01-09 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2014-09-20 23:31 - 2014-01-09 20:26 - 00000000 ____D () C:\Program Files (x86)\YNAB 4

Files to move or delete:
====================
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\VIRGINIA\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyb1mno.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:26

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014 01
Ran by VIRGINIA at 2014-10-20 18:17:28
Running from C:\Users\VIRGINIA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Creator(Build 2.6.5) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Wondershare)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J615W (HKLM-x32\...\{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.1.0.48 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Duplicate Cleaner Pro 3.2.5 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.5 - DigitalVolcano Software Ltd)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Efficient To-Do List Free 3.70 (HKLM-x32\...\Efficient To-Do List Free_is1) (Version:  - Efficient Software)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FMS Empty File Remover 2.9.8 (HKLM-x32\...\{1C363729-80C0-43D6-A975-6C2BC18A5708}_is1) (Version:  - FileManagerSoft Ltd.)
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
GDR 4033 for SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MainConcept MJPEG Codec (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)
MainConcept MJPEG Codec (x32 Version: 3.02.0004.0000 - MainConcept AG) Hidden
MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM-x32\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Plastic Canvas Design Studio 2.0 (HKLM-x32\...\{15B6A87E-1EF2-4AA8-8D62-6462C77B808C}) (Version: 2.00.05 - M&R Technologies, Inc.)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.1.0.48 - Corel Corporation) Hidden
Quicken 2013 (HKLM-x32\...\{0183D8B5-50C7-4A7D-89F8-C5FAB707E615}) (Version: 22.1.2.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Rapport (x32 Version: 3.5.1404.19 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
RivaTuner Statistics Server 6.1.2 (HKLM-x32\...\RTSS) (Version: 6.1.2 - Unwinder)
Sante DICOM Viewer FREE 2.1 (HKLM-x32\...\{86DD1850-8FC6-4907-AE84-DE4BC5CEE725}) (Version: 2.1.9 - Santesoft)
SCARM 0.9.22 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.22 - Milen Peev)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.19 - Trusteer)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
WinRAR 5.10 (32-bit) (x32 Version: 5.10.0 - win.rar GmbH) Hidden
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-589063879-4051792814-2538650772-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-10-2014 07:00:16 Windows Update
19-10-2014 20:34:59 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
19-10-2014 21:05:05 Installed Microsoft Fix it 50535
19-10-2014 21:07:25 Installed Microsoft Fix it 50535
20-10-2014 01:56:50 Windows Update
20-10-2014 08:19:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-20 07:33 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0302CFFE-F963-47A0-985F-ED0615AD2A89} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {0FEAF784-3D1C-4C6B-9AF1-AEF38348ADD6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {384081F1-42D1-4FDF-9053-5310EE93782F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {71C15E7E-88F3-4ACC-A766-BCC88EC60748} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {7521411C-794E-481F-A3F4-E3AAFDF65321} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {79EBF54E-2BEB-4D5B-971D-4483EE0D9DEE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {831C67B7-8F4D-46D7-887E-FA5598B16046} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated)
Task: {85335C15-7910-4C33-BEA6-FD4DC2FD0749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {8CE89F77-AB9C-41D6-AAA8-06F7F50BEDBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {B1395307-22AB-4B88-9468-3B39137CB1E7} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {B9CCE87A-2B64-4834-983C-74616900F5DF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {EFD26B1A-CD74-4A20-B88D-7062802CBBC9} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-21 13:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 _____ () C:\windows\SysWOW64\PSIService.exe
2014-09-23 18:02 - 2014-09-23 18:02 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-03-04 21:24 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-04-14 15:41 - 2014-04-14 15:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-07-15 18:34 - 2014-07-15 18:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-20 17:43 - 2014-10-20 17:43 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14102001\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-20 18:04 - 2014-10-20 18:04 - 00043008 _____ () c:\users\virginia\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyb1mno.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\VIRGINIA\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-15 18:34 - 2014-07-15 18:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-20 17:49 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-20 17:49 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-10-20 17:49 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-20 17:49 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B174FAE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-589063879-4051792814-2538650772-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^VIRGINIA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Efficient To-Do List Free.lnk => C:\windows\pss\Efficient To-Do List Free.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: EfficientToDoListFree =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_EF0DA795C05222B22E21F592E60D47F1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Uninstall C: =>
MSCONFIG\startupreg: Wireless Console 3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-589063879-4051792814-2538650772-500 - Administrator - Disabled)
Guest (S-1-5-21-589063879-4051792814-2538650772-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-589063879-4051792814-2538650772-1010 - Limited - Enabled)
Tanya (S-1-5-21-589063879-4051792814-2538650772-1001 - Limited - Enabled) => C:\Users\Tanya
VIRGINIA (S-1-5-21-589063879-4051792814-2538650772-1000 - Administrator - Enabled) => C:\Users\VIRGINIA

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2014 04:19:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12892984

Error: (10/20/2014 04:19:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12892984

Error: (10/20/2014 04:19:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 00:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2041, time stamp: 0x539e8df7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0xeec
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (10/19/2014 09:37:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2041, time stamp: 0x539e8df7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0x604
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (10/19/2014 07:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswMBR.exe, version: 1.0.1.2041, time stamp: 0x539e8df7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0002e41b
Faulting process id: 0x1088
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20124


System errors:
=============
Error: (10/20/2014 05:41:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}

Error: (10/20/2014 05:41:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/20/2014 07:33:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/20/2014 07:32:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/20/2014 07:24:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/19/2014 09:08:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.

Error: (10/19/2014 04:42:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:40:47 PM on ‎19/‎10/‎2014 was unexpected.

Error: (10/18/2014 03:36:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (10/18/2014 02:08:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (10/18/2014 02:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (10/20/2014 04:19:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12892984

Error: (10/20/2014 04:19:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12892984

Error: (10/20/2014 04:19:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 00:34:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.2041539e8df7ntdll.dll6.1.7601.18247521ea8e7c00000050002e3beeec01cfec1697ca65eeC:\Users\VIRGINIA\Desktop\aswMBR.exeC:\windows\SysWOW64\ntdll.dll5c7346b4-5812-11e4-a054-3085a90c928a

Error: (10/19/2014 09:37:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.2041539e8df7ntdll.dll6.1.7601.18247521ea8e7c00000050002e41b60401cfebf87f2d3110C:\Users\VIRGINIA\Desktop\aswMBR.exeC:\windows\SysWOW64\ntdll.dlla93d81f0-57f9-11e4-8f3f-3085a90c928a

Error: (10/19/2014 07:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: aswMBR.exe1.0.1.2041539e8df7ntdll.dll6.1.7601.18247521ea8e7c00000050002e41b108801cfebec7b0f2b57C:\Users\VIRGINIA\Desktop\aswMBR.exeC:\windows\SysWOW64\ntdll.dlld7f0ba47-57e9-11e4-8f3f-3085a90c928a

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30218

Error: (10/18/2014 00:18:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2014 00:18:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20124


CodeIntegrity Errors:
===================================
  Date: 2014-10-20 07:32:10.048
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-20 07:32:09.955
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 34%
Total physical RAM: 6048.13 MB
Available physical RAM: 3951.2 MB
Total Pagefile: 12094.43 MB
Available Pagefile: 9494.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:60.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:254.36 GB) (Free:253.92 GB) NTFS
Drive e: (CTI 2) (CDROM) (Total:0.06 GB) (Free:0 GB) UDF
Drive f: (New Volume) (Fixed) (Total:25 GB) (Free:1.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0ED6495C)
Partition 1: (Not Active) - (Size=25 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=100 MB) - (Type=27)
Partition 3: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=254.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP