software restriction policy - how to remove? [Solved]


  • This topic is locked

#1
itsmesunny

  • Member
  • 307 posts

I have a program that I cannot get rid of ... WeatherBug ... it was installed when I was trying to do something else.

It is no longer in Add/Remove and the uninstall does not work. I get this stupid pop-up about software restriction policy.

I ran Malwarebytes and it is still there.

I did a search and finally found this after trying others ... I got to number 3 except for the last thing listed - Click the + sign next to policies - it was not there.

Click the + sign next to Policies.

Read more: http://www.ehow.com/...windows-xp.html

How do I get rid of it?


Edited by itsmesunny, 27 October 2014 - 02:55 PM.

  • 0


#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi Sunny, glad to see you back :)

I strongly recommend that non-advanced users not mess with the registry. Each operation there is able to render the machine unstable, so make sure you at least make a backup BEFORE any operations.

Did you remove it completely or do you still need help?

Cheers,

Naat :)


  • 1

#3
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

Hi Naat! :yes:

That is as far as I got. And yes, it is still there. Is there a way to get rid of it?

Sunny


Edited by itsmesunny, 27 October 2014 - 04:08 PM.

  • 0

#4
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
I will do that for you, but I will have to move your thread to the malware forum. Is that OK?
  • 1

#5
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

Sure Naat - that is fine.

Thanks!

:thumbsup:


Edited by itsmesunny, 27 October 2014 - 04:15 PM.

  • 0

#6
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

OK, let's start :)



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 1

#7
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

Ok. I already have it but am downloading it once more in case it's been updated.

I have 32.


Edited by itsmesunny, 27 October 2014 - 04:28 PM.

  • 0

#8
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
It is updated almost daily, so get the new one and post your reports. I will try to do my best :)
  • 1

#9
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

There are 2 selections to run - current user and the following user -

I clicked on current user and get a pop up - unable to open the script file - ?


Edited by itsmesunny, 27 October 2014 - 04:31 PM.

  • 0

#10
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Did you choose the SCAN option?
  • 1


#11
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

I right clicked on the desktop icon to get run as...

I had not opened the program.

So now I did just hit SCAN and it's scanning.

Everything on Whitelist is checked.

Only Addition.txt on Optional Scan.

Ok - the scans are done and the two .txt's are on the Desktop now.


Edited by itsmesunny, 27 October 2014 - 04:39 PM.

  • 0

#12
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

You want me to copy and paste them here?

My dinner is almost ready - so...

I'll just do it.


Edited by itsmesunny, 27 October 2014 - 04:46 PM.

  • 0

#13
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Yes, paste them please in your post.

Enjoy your meal, it is almost midnight here so I am going to sleep. Will review them in the morning!

:wave:
  • 1

#14
itsmesunny

  • Topic Starter
  • Member
  • 307 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by User (administrator) on USER-R6PHPMKAQL on 27-10-2014 18:35:12
Running from C:\Documents and Settings\User\Desktop
Loaded Profile: User (Available profiles: User & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\idmsqsetup.exe <====== ATTENTION
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-13] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [DellSystemDetect] => C:\Documents and Settings\User\Local Settings\Apps\2.0\7XLWQYXC.MCM\L5M53QYG.O88\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-10-22] (Dell)
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.5.171.1 207.5.171.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281
FF Homepage: www.startpage.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Extension: Simple Site Blocker - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\[email protected] [2014-10-27]
FF Extension: Social Fixer - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\[email protected] [2014-10-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (No Name) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2014-07-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-26] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
R3 bpusbflt; C:\WINDOWS\System32\Drivers\bpusbflt.sys [9597 2003-10-10] (Micro Solutions, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP)
R3 kxwdmdrv; C:\WINDOWS\System32\drivers\kx.sys [605832 2009-07-28] (Eugene Gavrilov)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [16168 2007-04-10] (Creative Technology Ltd.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-10-27] ()
S4 IntelIde; No ImagePath
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 00:55 - 2014-10-29 00:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Widgets
2014-10-27 18:35 - 2014-10-27 18:36 - 00031486 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-10-27 18:27 - 2014-10-27 18:27 - 01104896 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-10-27 18:26 - 2014-10-27 18:35 - 00000000 ____D () C:\FRST
2014-10-27 14:59 - 2014-10-27 14:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-10-27 14:59 - 2014-10-27 14:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-10-27 14:57 - 2014-10-27 14:57 - 00010826 _____ () C:\WINDOWS\wmp11Uninst.log
2014-10-27 14:56 - 2014-10-27 14:56 - 00009279 _____ () C:\WINDOWS\KB940157Uninst.log
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\IsolatedStorage
2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D () C:\Program Files\Earth Networks
2014-10-27 14:49 - 2014-10-27 14:50 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W2.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TM.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\StormFall
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\StormFall
2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
2014-10-26 10:18 - 2014-10-27 07:39 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Westward
2014-10-25 07:00 - 2014-10-25 21:51 - 00000000 ____D () C:\Program Files\DriverFinder
2014-10-25 06:59 - 2014-10-25 21:51 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DriverFinder
2014-10-24 08:15 - 2014-10-27 12:03 - 00000438 _____ () C:\WINDOWS\Tasks\SlimDrivers Scan.job
2014-10-23 13:36 - 2014-10-27 13:36 - 00000364 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - User).job
2014-10-23 13:35 - 2014-10-23 13:42 - 00000000 ____D () C:\Program Files\SlimService
2014-10-23 13:35 - 2014-10-23 13:39 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-10-23 13:35 - 2014-10-23 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
2014-10-23 11:59 - 1999-12-31 20:00 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\system32\CSVer.dll
2014-10-23 11:29 - 2011-11-09 17:38 - 00132768 _____ (Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
2014-10-23 11:28 - 2006-01-12 14:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-10-23 11:25 - 2007-11-28 22:38 - 00040056 _____ (Intel Corporation) C:\WINDOWS\system32\NicInst.dll
2014-10-23 11:25 - 2007-08-07 00:28 - 00028272 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo2.dll
2014-10-23 10:14 - 2014-10-23 10:14 - 00000000 ____D () C:\AVAST Software
2014-10-22 15:38 - 2014-10-27 14:56 - 00220184 _____ () C:\WINDOWS\setupapi.log
2014-10-22 14:16 - 2014-10-24 08:20 - 00000176 _____ () C:\WINDOWS\setupact.log
2014-10-22 14:16 - 2014-10-22 14:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-22 13:06 - 2014-10-22 13:06 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dell
2014-10-22 11:56 - 2014-10-22 11:57 - 00005562 _____ () C:\WINDOWS\KB2378111.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006556 _____ () C:\WINDOWS\KB978695.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006423 _____ () C:\WINDOWS\KB954155.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006266 _____ () C:\WINDOWS\KB975558.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00004341 _____ () C:\WINDOWS\KB2834904-v2.log
2014-10-22 10:02 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-10-22 10:01 - 2014-10-22 10:02 - 00002844 _____ () C:\WINDOWS\MSCompPackV1.log
2014-10-22 09:59 - 2014-10-22 10:01 - 00018528 _____ () C:\WINDOWS\wmp11.log
2014-10-22 09:58 - 2014-10-27 15:01 - 00052002 _____ () C:\WINDOWS\spupdsvc.log
2014-10-22 09:58 - 2014-10-27 14:57 - 00002313 _____ () C:\WINDOWS\updspapi.log
2014-10-22 09:43 - 2014-10-22 09:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2014-10-22 09:42 - 2014-10-22 09:59 - 00080979 _____ () C:\WINDOWS\WMFDist11.log
2014-10-22 09:42 - 2014-10-22 09:56 - 00003138 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-10-22 08:10 - 2014-10-22 08:10 - 00000000 ____D () C:\Documents and Settings\User\Application Data\ParetoLogic
2014-10-22 08:09 - 2014-10-22 08:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-10-22 06:57 - 2014-10-22 06:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-10-18 12:49 - 2014-10-18 12:49 - 00155232 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-10-17 14:24 - 2014-10-27 14:44 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-16 14:09 - 2014-10-16 14:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-16 09:18 - 2014-10-24 08:28 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Articles on the Web
2014-10-16 09:05 - 2014-10-27 14:19 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My TV Shows
2014-10-14 09:19 - 2014-10-27 12:36 - 00000000 ___RD () C:\Documents and Settings\User\My Documents\My Movies
2014-10-11 17:34 - 2014-10-27 15:01 - 00044216 _____ () C:\WINDOWS\wmsetup.log
2014-10-03 07:12 - 2014-10-03 07:12 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-10-02 07:51 - 2014-10-02 07:54 - 00000000 ____D () C:\WINDOWS\system32\NtmsData

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 06:22 - 2014-08-26 08:22 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-29 06:22 - 2014-08-26 08:22 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-29 06:19 - 2014-08-26 08:20 - 00000000 ____D () C:\Program Files\Java
2014-10-29 00:55 - 2013-03-26 22:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
2014-10-29 00:55 - 2009-08-10 12:40 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-27 18:36 - 2014-07-01 14:59 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\temp
2014-10-27 18:19 - 2014-06-26 16:39 - 00000364 ___HC () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-27 18:18 - 2014-07-07 07:07 - 00000882 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 18:10 - 2014-06-09 12:39 - 01821311 ____C () C:\WINDOWS\WindowsUpdate.log
2014-10-27 18:04 - 2013-02-22 16:32 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-27 17:13 - 2013-02-23 03:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-27 16:18 - 2014-07-07 07:07 - 00000878 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 16:18 - 2014-06-09 12:39 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-27 16:18 - 2014-06-09 12:39 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-10-27 16:18 - 2009-06-17 09:13 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 16:17 - 2014-06-12 18:16 - 01281646 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1275210071-725345543-1004-0.dat
2014-10-27 16:17 - 2014-06-06 21:01 - 00412766 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-10-27 16:17 - 2009-06-17 09:27 - 00000278 __SHC () C:\Documents and Settings\User\ntuser.ini
2014-10-27 16:17 - 2009-06-17 09:25 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-27 16:15 - 2009-06-17 11:31 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-10-27 16:15 - 2009-06-17 09:13 - 00000000 ____D () C:\DELL
2014-10-27 16:15 - 2009-06-17 05:01 - 00000000 ___RD () C:\WINDOWS\Web
2014-10-27 16:14 - 2009-06-17 05:01 - 00000000 ____D () C:\WINDOWS\Help
2014-10-27 15:36 - 2013-02-22 14:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-10-27 15:10 - 2014-06-09 11:46 - 00114904 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 15:09 - 2014-07-07 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:09 - 2014-07-07 09:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 14:59 - 2009-06-17 09:27 - 00000000 ___RD () C:\Documents and Settings\User\Start Menu\Programs\Accessories
2014-10-27 14:59 - 2002-09-03 13:11 - 00000670 ____C () C:\WINDOWS\win.ini
2014-10-27 14:57 - 2013-03-27 14:53 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-10-27 14:56 - 2014-09-22 11:24 - 00108834 _____ () C:\WINDOWS\FaxSetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00072064 _____ () C:\WINDOWS\ocgen.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00042902 _____ () C:\WINDOWS\tsoc.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00028920 _____ () C:\WINDOWS\comsetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00021257 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00010818 _____ () C:\WINDOWS\iis6.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00005847 _____ () C:\WINDOWS\ocmsn.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00005449 _____ () C:\WINDOWS\msgsocm.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-27 14:51 - 2014-09-10 10:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Unchecky
2014-10-27 12:00 - 2014-07-04 09:32 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-10-25 07:27 - 2014-09-23 08:22 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-25 07:21 - 2014-07-07 14:15 - 00000000 ____D () C:\Documents and Settings\User\Application Data\PCDr
2014-10-25 07:20 - 2014-06-05 14:52 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Deployment
2014-10-25 07:12 - 2009-06-17 09:40 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-10-24 08:19 - 2009-06-17 05:05 - 00637622 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 13:36 - 2014-06-05 20:17 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-10-23 12:03 - 2009-06-17 09:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-23 11:30 - 2009-06-17 09:40 - 00000000 ____D () C:\Program Files\Intel
2014-10-22 10:09 - 2014-07-04 16:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-22 10:04 - 2014-07-01 14:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-22 10:01 - 2014-09-22 11:24 - 00001393 _____ () C:\WINDOWS\imsins.BAK
2014-10-22 09:59 - 2009-06-17 09:12 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-10-22 09:55 - 2002-09-03 13:14 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-10-22 09:31 - 2014-07-29 20:08 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-10-22 09:31 - 2014-07-29 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-10-22 08:17 - 2014-07-29 20:09 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DivX
2014-10-21 23:20 - 2009-06-17 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB891781$
2014-10-21 22:22 - 2003-04-28 03:30 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Widgets
2014-10-18 16:00 - 2013-02-22 16:32 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-18 16:00 - 2013-02-22 16:32 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-18 12:42 - 2014-06-06 13:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Apple Computer
2014-10-18 12:42 - 2014-06-06 12:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
2014-10-16 18:29 - 2009-08-22 14:54 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-15 17:46 - 2014-06-05 14:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 17:35 - 2009-06-17 13:11 - 100290944 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 10:14 - 2014-07-05 11:20 - 00000000 ____D () C:\Program Files\Unchecky
2014-10-09 07:54 - 2014-07-08 06:19 - 00000178 __SHC () C:\Documents and Settings\Guest\ntuser.ini
2014-10-09 07:43 - 2014-07-08 06:19 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-10-01 11:11 - 2014-07-07 09:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-07-07 09:24 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-27 08:02 - 2013-04-07 10:39 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Geeks2Go

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\temp\ICReinstall_FileOpenerSetup.exe
C:\Documents and Settings\User\Local Settings\temp\jre-8u25-windows-au.exe
C:\Documents and Settings\User\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\User\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\User\Local Settings\temp\System.Data.SQLite57188.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • 0

#15
itsmesunny

    Member

  • Topic Starter
  • 307 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by User (administrator) on USER-R6PHPMKAQL on 27-10-2014 18:35:12
Running from C:\Documents and Settings\User\Desktop
Loaded Profile: User (Available profiles: User & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\rcpsetup_binstall2_binstall2.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\idm2\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\idm2\idmsqsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\idm2\idmsqsetup.exe <====== ATTENTION
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-13] ( (Microsoft Corporation))
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [SlimCleaner Plus] => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Run: [DellSystemDetect] => C:\Documents and Settings\User\Local Settings\Apps\2.0\7XLWQYXC.MCM\L5M53QYG.O88\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-10-22] (Dell)
HKU\S-1-5-21-602162358-1275210071-725345543-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.5.171.1 207.5.171.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281
FF Homepage: www.startpage.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Extension: Simple Site Blocker - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\[email protected] [2014-10-27]
FF Extension: Social Fixer - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xodjqmx1.default-1413718828281\Extensions\[email protected] [2014-10-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-02-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-26]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-26]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-26]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-26]
CHR Extension: (No Name) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp(2) [2014-07-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-07] (AVAST Software)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-08-26] (Oracle Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-07-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-07-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-07-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-07-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-07-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-08-08] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-07-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-07-07] ()
R3 bpusbflt; C:\WINDOWS\System32\Drivers\bpusbflt.sys [9597 2003-10-10] (Micro Solutions, Inc.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
S3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\WINDOWS\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-01-24] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-01-24] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-01-24] (HP)
R3 kxwdmdrv; C:\WINDOWS\System32\drivers\kx.sys [605832 2009-07-28] (Eugene Gavrilov)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [16168 2007-04-10] (Creative Technology Ltd.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-10-27] ()
S4 IntelIde; No ImagePath
S3 JL2005C; System32\Drivers\jl2005c.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 00:55 - 2014-10-29 00:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Widgets
2014-10-27 18:35 - 2014-10-27 18:36 - 00031486 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-10-27 18:27 - 2014-10-27 18:27 - 01104896 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-10-27 18:26 - 2014-10-27 18:35 - 00000000 ____D () C:\FRST
2014-10-27 14:59 - 2014-10-27 14:59 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-10-27 14:59 - 2014-10-27 14:59 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-10-27 14:57 - 2014-10-27 14:57 - 00010826 _____ () C:\WINDOWS\wmp11Uninst.log
2014-10-27 14:56 - 2014-10-27 14:56 - 00009279 _____ () C:\WINDOWS\KB940157Uninst.log
2014-10-27 14:51 - 2014-10-27 14:51 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\IsolatedStorage
2014-10-27 14:50 - 2014-10-27 14:50 - 00000000 ____D () C:\Program Files\Earth Networks
2014-10-27 14:49 - 2014-10-27 14:50 - 00000000 __HDC () C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW2.job
2014-10-27 14:49 - 2014-10-27 14:49 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TW1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W2.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall W1.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000484 _____ () C:\WINDOWS\Tasks\StormFall TM.job
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\StormFall
2014-10-27 14:48 - 2014-10-27 14:48 - 00000000 ____D () C:\Documents and Settings\User\Application Data\StormFall
2014-10-27 11:47 - 2014-10-27 11:47 - 00000000 ____D () C:\Program Files\Babylon
2014-10-26 10:18 - 2014-10-27 07:39 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Westward
2014-10-25 07:00 - 2014-10-25 21:51 - 00000000 ____D () C:\Program Files\DriverFinder
2014-10-25 06:59 - 2014-10-25 21:51 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DriverFinder
2014-10-24 08:15 - 2014-10-27 12:03 - 00000438 _____ () C:\WINDOWS\Tasks\SlimDrivers Scan.job
2014-10-23 13:36 - 2014-10-27 13:36 - 00000364 _____ () C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - User).job
2014-10-23 13:35 - 2014-10-23 13:42 - 00000000 ____D () C:\Program Files\SlimService
2014-10-23 13:35 - 2014-10-23 13:39 - 00000000 ____D () C:\Program Files\SlimCleaner Plus
2014-10-23 13:35 - 2014-10-23 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SlimWare Utilities Inc
2014-10-23 11:59 - 1999-12-31 20:00 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\system32\CSVer.dll
2014-10-23 11:29 - 2011-11-09 17:38 - 00132768 _____ (Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
2014-10-23 11:28 - 2006-01-12 14:52 - 00001904 ____N () C:\WINDOWS\system32\SetupBD.din
2014-10-23 11:25 - 2007-11-28 22:38 - 00040056 _____ (Intel Corporation) C:\WINDOWS\system32\NicInst.dll
2014-10-23 11:25 - 2007-08-07 00:28 - 00028272 _____ (Intel Corporation) C:\WINDOWS\system32\NicCo2.dll
2014-10-23 10:14 - 2014-10-23 10:14 - 00000000 ____D () C:\AVAST Software
2014-10-22 15:38 - 2014-10-27 14:56 - 00220184 _____ () C:\WINDOWS\setupapi.log
2014-10-22 14:16 - 2014-10-24 08:20 - 00000176 _____ () C:\WINDOWS\setupact.log
2014-10-22 14:16 - 2014-10-22 14:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-22 13:06 - 2014-10-22 13:06 - 00000000 ____D () C:\Documents and Settings\User\Start Menu\Programs\Dell
2014-10-22 11:56 - 2014-10-22 11:57 - 00005562 _____ () C:\WINDOWS\KB2378111.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006556 _____ () C:\WINDOWS\KB978695.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006423 _____ () C:\WINDOWS\KB954155.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00006266 _____ () C:\WINDOWS\KB975558.log
2014-10-22 10:39 - 2014-10-22 10:39 - 00004341 _____ () C:\WINDOWS\KB2834904-v2.log
2014-10-22 10:02 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-10-22 10:01 - 2014-10-22 10:02 - 00002844 _____ () C:\WINDOWS\MSCompPackV1.log
2014-10-22 09:59 - 2014-10-22 10:01 - 00018528 _____ () C:\WINDOWS\wmp11.log
2014-10-22 09:58 - 2014-10-27 15:01 - 00052002 _____ () C:\WINDOWS\spupdsvc.log
2014-10-22 09:58 - 2014-10-27 14:57 - 00002313 _____ () C:\WINDOWS\updspapi.log
2014-10-22 09:43 - 2014-10-22 09:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWMFDist11$
2014-10-22 09:42 - 2014-10-22 09:59 - 00080979 _____ () C:\WINDOWS\WMFDist11.log
2014-10-22 09:42 - 2014-10-22 09:56 - 00003138 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-10-22 08:10 - 2014-10-22 08:10 - 00000000 ____D () C:\Documents and Settings\User\Application Data\ParetoLogic
2014-10-22 08:09 - 2014-10-22 08:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-10-22 06:57 - 2014-10-22 06:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-10-18 12:49 - 2014-10-18 12:49 - 00155232 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-10-17 14:24 - 2014-10-27 14:44 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-16 14:09 - 2014-10-16 14:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-16 09:18 - 2014-10-24 08:28 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Articles on the Web
2014-10-16 09:05 - 2014-10-27 14:19 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My TV Shows
2014-10-14 09:19 - 2014-10-27 12:36 - 00000000 ___RD () C:\Documents and Settings\User\My Documents\My Movies
2014-10-11 17:34 - 2014-10-27 15:01 - 00044216 _____ () C:\WINDOWS\wmsetup.log
2014-10-03 07:12 - 2014-10-03 07:12 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Apple Computer
2014-10-02 07:51 - 2014-10-02 07:54 - 00000000 ____D () C:\WINDOWS\system32\NtmsData

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 06:22 - 2014-08-26 08:22 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-29 06:22 - 2014-08-26 08:22 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-29 06:19 - 2014-08-26 08:20 - 00000000 ____D () C:\Program Files\Java
2014-10-29 00:55 - 2013-03-26 22:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Yahoo
2014-10-29 00:55 - 2009-08-10 12:40 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-27 18:36 - 2014-07-01 14:59 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\temp
2014-10-27 18:19 - 2014-06-26 16:39 - 00000364 ___HC () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-10-27 18:18 - 2014-07-07 07:07 - 00000882 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 18:10 - 2014-06-09 12:39 - 01821311 ____C () C:\WINDOWS\WindowsUpdate.log
2014-10-27 18:04 - 2013-02-22 16:32 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-27 17:13 - 2013-02-23 03:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-27 16:18 - 2014-07-07 07:07 - 00000878 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-27 16:18 - 2014-06-09 12:39 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-10-27 16:18 - 2014-06-09 12:39 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-10-27 16:18 - 2009-06-17 09:13 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-10-27 16:17 - 2014-06-12 18:16 - 01281646 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1275210071-725345543-1004-0.dat
2014-10-27 16:17 - 2014-06-06 21:01 - 00412766 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-10-27 16:17 - 2009-06-17 09:27 - 00000278 __SHC () C:\Documents and Settings\User\ntuser.ini
2014-10-27 16:17 - 2009-06-17 09:25 - 00032564 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-27 16:15 - 2009-06-17 11:31 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-10-27 16:15 - 2009-06-17 09:13 - 00000000 ____D () C:\DELL
2014-10-27 16:15 - 2009-06-17 05:01 - 00000000 ___RD () C:\WINDOWS\Web
2014-10-27 16:14 - 2009-06-17 05:01 - 00000000 ____D () C:\WINDOWS\Help
2014-10-27 15:36 - 2013-02-22 14:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2014-10-27 15:10 - 2014-06-09 11:46 - 00114904 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 15:09 - 2014-07-07 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 15:09 - 2014-07-07 09:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-27 14:59 - 2009-06-17 09:27 - 00000000 ___RD () C:\Documents and Settings\User\Start Menu\Programs\Accessories
2014-10-27 14:59 - 2002-09-03 13:11 - 00000670 ____C () C:\WINDOWS\win.ini
2014-10-27 14:57 - 2013-03-27 14:53 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-10-27 14:56 - 2014-09-22 11:24 - 00108834 _____ () C:\WINDOWS\FaxSetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00072064 _____ () C:\WINDOWS\ocgen.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00042902 _____ () C:\WINDOWS\tsoc.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00028920 _____ () C:\WINDOWS\comsetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00021257 _____ () C:\WINDOWS\ntdtcsetup.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00010818 _____ () C:\WINDOWS\iis6.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00005847 _____ () C:\WINDOWS\ocmsn.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00005449 _____ () C:\WINDOWS\msgsocm.log
2014-10-27 14:56 - 2014-09-22 11:24 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-10-27 14:51 - 2014-09-10 10:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Unchecky
2014-10-27 12:00 - 2014-07-04 09:32 - 00013464 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2014-10-25 07:27 - 2014-09-23 08:22 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-10-25 07:21 - 2014-07-07 14:15 - 00000000 ____D () C:\Documents and Settings\User\Application Data\PCDr
2014-10-25 07:20 - 2014-06-05 14:52 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Deployment
2014-10-25 07:12 - 2009-06-17 09:40 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-10-24 08:19 - 2009-06-17 05:05 - 00637622 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-23 13:36 - 2014-06-05 20:17 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-10-23 12:03 - 2009-06-17 09:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-23 11:30 - 2009-06-17 09:40 - 00000000 ____D () C:\Program Files\Intel
2014-10-22 10:09 - 2014-07-04 16:10 - 00000000 ____D () C:\Program Files\QuickTime
2014-10-22 10:04 - 2014-07-01 14:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-22 10:01 - 2014-09-22 11:24 - 00001393 _____ () C:\WINDOWS\imsins.BAK
2014-10-22 09:59 - 2009-06-17 09:12 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-10-22 09:55 - 2002-09-03 13:14 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-10-22 09:31 - 2014-07-29 20:08 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-10-22 09:31 - 2014-07-29 20:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-10-22 08:17 - 2014-07-29 20:09 - 00000000 ____D () C:\Documents and Settings\User\Application Data\DivX
2014-10-21 23:20 - 2009-06-17 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB891781$
2014-10-21 22:22 - 2003-04-28 03:30 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Widgets
2014-10-18 16:00 - 2013-02-22 16:32 - 00701104 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-18 16:00 - 2013-02-22 16:32 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-18 12:42 - 2014-06-06 13:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Apple Computer
2014-10-18 12:42 - 2014-06-06 12:30 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Apple Computer
2014-10-16 18:29 - 2009-08-22 14:54 - 00000000 ____D () C:\WINDOWS\Minidump
2014-10-15 17:46 - 2014-06-05 14:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 17:35 - 2009-06-17 13:11 - 100290944 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 10:14 - 2014-07-05 11:20 - 00000000 ____D () C:\Program Files\Unchecky
2014-10-09 07:54 - 2014-07-08 06:19 - 00000178 __SHC () C:\Documents and Settings\Guest\ntuser.ini
2014-10-09 07:43 - 2014-07-08 06:19 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\temp
2014-10-01 11:11 - 2014-07-07 09:24 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-07-07 09:24 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-27 08:02 - 2013-04-07 10:39 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Geeks2Go

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\temp\ICReinstall_FileOpenerSetup.exe
C:\Documents and Settings\User\Local Settings\temp\jre-8u25-windows-au.exe
C:\Documents and Settings\User\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\User\Local Settings\temp\System.Data.SQLite.dll
C:\Documents and Settings\User\Local Settings\temp\System.Data.SQLite57188.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • 0





