Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

dllhost.exe Virus has infected my computer... please help [Solved]

Started by LarryDelos11 , Nov 10 2014 02:55 PM

  • This topic is locked This topic is locked

#16
LarryDelos11
Posted 12 November 2014 - 09:42 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi Nevan, wasn't sure if there was a mistake because the two logs I posted earlier look identical.  I may have messed up the control c's and v's, so I ran another scan...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Carol (administrator) on CAROL-HP on 12-11-2014 21:34:24
Running from C:\Users\Carol\Desktop
Loaded Profile: Carol (Available profiles: Carol)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adblock) C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2013-11-22] (Apple Computer, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WatchingService] => "c:\program files (x86)\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run C:\Program Files (x86)\D-Link\D-Link D-ViewCam\Bin
HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" RunWithWindows
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3904076736-4116430610-328848089-1000\...\MountPoints2: G - G:\TL-Bootstrap.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://172.10.99.70:...late/WebACS.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-08-13]
FF Extension: Ads Removal - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-11-12]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Search) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S3 wxpSvc; C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe [3326448 2014-07-15] (Moonware Studios)
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1393959501\mediadev.exe" [X]
S2 WinDevSrv; "C:\Users\Carol\AppData\Roaming\UpdateServ\UpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-17] (Avira Operations GmbH & Co. KG)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 17:11 - 2014-11-12 17:11 - 00000000 ____D () C:\Users\Carol\AppData\Local\{64096D6C-E693-4BAB-8D7A-E8495A8DD044}
2014-11-12 16:57 - 2014-11-12 21:35 - 00014008 _____ () C:\Users\Carol\Desktop\FRST.txt
2014-11-12 16:56 - 2014-11-12 17:06 - 00038261 _____ () C:\Users\Carol\Desktop\Addition.txt
2014-11-12 15:51 - 2014-11-12 15:51 - 00000000 __SHD () C:\Users\Carol\AppData\Local\EmieBrowserModeList
2014-11-12 15:41 - 2014-11-12 15:44 - 00000000 ____D () C:\AdwCleaner
2014-11-12 15:40 - 2014-11-12 15:40 - 00003902 _____ () C:\Users\Carol\Desktop\JRT.txt
2014-11-12 15:34 - 2014-11-12 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 15:24 - 2014-11-12 15:24 - 01706808 _____ (Thisisu) C:\Users\Carol\Desktop\JRT.exe
2014-11-12 14:56 - 2014-11-12 16:57 - 00015002 _____ () C:\Users\Carol\Desktop\Addition2.txt
2014-11-12 14:52 - 2014-11-12 16:56 - 00038002 _____ () C:\Users\Carol\Desktop\FRST2.txt
2014-11-12 14:45 - 2014-11-12 14:46 - 00001839 _____ () C:\Users\Carol\Desktop\computer fix 11-12-14.txt
2014-11-11 14:41 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 14:41 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 14:41 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 14:41 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 14:41 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 14:41 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 14:41 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 14:41 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 14:41 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 14:41 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 14:41 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 14:41 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 14:41 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 14:41 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 14:41 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 14:41 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 14:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 14:41 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 14:41 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:41 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 14:41 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 14:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:38 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 14:38 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 14:38 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 14:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 14:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 14:37 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:37 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:37 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:37 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 14:37 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 14:37 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 14:37 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:24 - 2014-11-11 14:28 - 00002124 _____ () C:\Users\Carol\Desktop\FSS1.txt
2014-11-11 14:22 - 2014-11-11 14:22 - 00002098 _____ () C:\Users\Carol\Downloads\fixlist.txt
2014-11-11 14:12 - 2014-11-11 14:15 - 00030773 _____ () C:\Users\Carol\Desktop\Addition1.txt
2014-11-11 13:52 - 2014-11-11 13:52 - 00415232 _____ (Farbar) C:\Users\Carol\Desktop\FSS.exe
2014-11-11 12:57 - 2014-11-11 12:57 - 00002327 _____ () C:\Users\Carol\Desktop\Geekstogo instructions.txt
2014-11-10 15:17 - 2014-11-10 15:17 - 02140160 _____ () C:\Users\Carol\Desktop\AdwCleaner.exe
2014-11-10 15:09 - 2014-11-11 14:15 - 00034308 _____ () C:\Users\Carol\Desktop\FRST1.txt
2014-11-10 15:09 - 2014-11-10 15:09 - 00027319 _____ () C:\Users\Carol\Desktop\FARBAR Addition.txt
2014-11-10 15:07 - 2014-11-10 15:08 - 00027319 _____ () C:\Users\Carol\Downloads\Addition.txt
2014-11-10 15:05 - 2014-11-12 21:34 - 00000000 ____D () C:\FRST
2014-11-10 15:05 - 2014-11-10 15:08 - 00031895 _____ () C:\Users\Carol\Downloads\FRST.txt
2014-11-10 15:03 - 2014-11-10 15:03 - 02116096 _____ (Farbar) C:\Users\Carol\Desktop\FRST64.exe
2014-11-10 15:01 - 2014-11-10 15:01 - 01107968 _____ (Farbar) C:\Users\Carol\Downloads\FRST.exe
2014-11-10 11:45 - 2014-11-10 11:45 - 00000529 _____ () C:\Users\Carol\Desktop\IObit Malware Fighter Report.log
2014-11-10 00:04 - 2014-11-10 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-09 23:59 - 2014-11-10 00:04 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-09 23:59 - 2014-11-09 23:59 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\IObit
2014-11-09 23:37 - 2014-11-09 23:39 - 32809520 _____ (IObit ) C:\Users\Carol\Downloads\IObit-Malware-Fighter-Setup.exe
2014-11-09 23:11 - 2014-11-09 23:11 - 00000000 _____ () C:\autoexec.bat
2014-11-09 21:49 - 2014-11-09 21:56 - 00602112 _____ (OldTimer Tools) C:\Users\Carol\Downloads\OTL.exe
2014-11-09 21:34 - 2014-11-09 21:47 - 00000321 _____ () C:\Users\Carol\Downloads\RegCureProSetup_e53615c_.exe
2014-11-09 21:22 - 2014-11-09 21:32 - 06209727 _____ (ParetoLogic, Inc.) C:\Users\Carol\Downloads\RegCureProSetup_e535a01_.exe.part
2014-11-09 21:21 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-09 21:15 - 2014-11-09 21:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Carol\Downloads\SpyHunter-Installer.exe
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-09 16:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-07 13:46 - 2014-11-07 20:05 - 00001681 _____ () C:\Users\Carol\Desktop\Invitation.msrcIncident
2014-11-07 13:10 - 2014-11-10 10:51 - 00000000 ____D () C:\ProgramData\IObit
2014-11-07 13:10 - 2014-11-07 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-26 22:17 - 2014-10-26 22:18 - 06254608 _____ (FixBliss) C:\Users\Carol\Downloads\SpeedFixTool-Setup.exe
2014-10-18 21:31 - 2014-10-18 21:31 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-10-18 21:31 - 2008-11-11 12:42 - 00033792 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64modem.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64gps.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64diag.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00017920 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64bus.sys
2014-10-17 10:57 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 10:57 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 10:54 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 21:33 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 21:33 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 21:33 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 21:33 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 21:33 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 21:33 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 21:30 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 21:30 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-13 05:23 - 2014-10-13 05:23 - 00000000 _____ () C:\Users\Carol\Downloads\fl_setup.exe.38l9jwq.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 21:15 - 2012-05-12 21:37 - 01583725 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 21:14 - 2014-06-27 14:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 18:30 - 2009-07-13 22:51 - 00063083 _____ () C:\Windows\setupact.log
2014-11-12 18:15 - 2012-10-20 18:46 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{25DD2188-DDE9-4E9D-A855-8222DB9D7D34}
2014-11-12 18:09 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 18:09 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 18:01 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 17:28 - 2014-09-19 21:28 - 00123904 ___SH () C:\Users\Carol\Desktop\Thumbs.db
2014-11-12 16:54 - 2009-07-13 23:08 - 00031702 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 15:54 - 2009-07-13 23:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:47 - 2009-07-13 22:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:46 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 15:45 - 2010-11-20 21:47 - 00347562 _____ () C:\Windows\PFRO.log
2014-11-12 14:41 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\SoftGrid Client
2014-11-12 07:52 - 2014-07-17 19:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:44 - 2014-01-05 00:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 16:50 - 2014-09-19 21:28 - 00114176 ___SH () C:\Users\Carol\Downloads\Thumbs.db
2014-11-10 14:21 - 2013-11-06 18:39 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarol
2014-11-10 14:21 - 2013-11-06 18:39 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarol.job
2014-11-10 11:58 - 2014-04-11 13:01 - 00038792 _____ () C:\Users\Carol\Desktop\expense-reimbursement-form.xlsx
2014-11-09 21:16 - 2014-09-11 20:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-09 21:16 - 2014-08-13 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-09 21:16 - 2014-07-17 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-09 21:16 - 2014-07-17 13:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-09 14:40 - 2012-05-12 22:02 - 00000000 ____D () C:\ProgramData\Intel
2014-11-09 14:40 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-09 14:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-09 13:43 - 2012-10-20 18:17 - 00000000 ____D () C:\Users\Carol
2014-11-07 19:44 - 2013-11-06 18:41 - 00000000 ____D () C:\Users\Carol\AppData\Local\Windows Live Writer
2014-11-07 14:23 - 2013-12-06 14:06 - 00000000 ____D () C:\Users\Carol\AppData\Local\CrashDumps
2014-11-07 14:22 - 2013-11-28 13:36 - 00000000 ____D () C:\Users\Carol\Desktop\New folder
2014-10-18 21:31 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-14 05:29 - 2014-07-17 19:38 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 05:29 - 2014-07-17 13:34 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 05:29 - 2014-07-17 13:34 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Carol\AppData\Local\Temp\avgnt.exe
C:\Users\Carol\AppData\Local\Temp\Quarantine.exe
C:\Users\Carol\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 11:09

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Carol at 2014-11-12 21:35:59
Running from C:\Users\Carol\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DWACS 1.0.6.3 (HKLM-x32\...\ACS_is1) (Version: 1.0.6.3 - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IP Camera Viewer 1.0 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebACS 1.0.0.34 (HKLM-x32\...\WebACS_is1) (Version:  - WebACS)
webcamXP 5 (HKLM-x32\...\wLite) (Version: 5.8.5.0 - Moonware Studios)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

07-11-2014 17:17:12 Scheduled Checkpoint
08-11-2014 02:34:41 Windows Modules Installer
08-11-2014 02:35:29 Windows Modules Installer
08-11-2014 02:56:06 Windows Modules Installer
08-11-2014 03:01:21 Windows Modules Installer
08-11-2014 03:22:03 Windows Modules Installer
08-11-2014 03:22:44 Windows Modules Installer
08-11-2014 11:38:12 Windows Update
09-11-2014 04:27:52 Restore Operation
10-11-2014 16:56:12 Windows Update
11-11-2014 14:12:50 Windows Update
12-11-2014 13:37:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {164C7DE4-A84D-49BC-AC16-82468DF88991} - System32\Tasks\HPCeeScheduleForCarol => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {19052654-54F3-4B88-BFF7-F26E414BDA9A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {1CFE4E98-8638-487F-BF38-9D6355FB0133} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {594E6A8E-894C-43E5-A660-6BA6A4FB2C83} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {5BA632FF-57B6-445A-A709-B75275E08DB4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5FDCD1E1-B410-4BD3-9F19-8E2F9693B8BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {CF14D93D-CC31-473B-81F1-600A9E5A6F61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D1D273E4-4D7A-4738-A99B-9EF9AD93E81A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D8B187B2-3820-4024-B102-9348A6F5CDE8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCarol.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-07 13:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-11-09 23:59 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-11-09 23:59 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-05-12 21:37 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3904076736-4116430610-328848089-500 - Administrator - Disabled)
Carol (S-1-5-21-3904076736-4116430610-328848089-1000 - Administrator - Enabled) => C:\Users\Carol
Guest (S-1-5-21-3904076736-4116430610-328848089-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3904076736-4116430610-328848089-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 07:07:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:07:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (11/12/2014 07:07:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (11/12/2014 07:05:27 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:04:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (11/12/2014 07:04:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.MediaCenter.Bml, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:03:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:03:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mcplayerinterop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:03:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:02:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.MediaCenter.TV.Tuners.Interop, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

System errors:
=============
Error: (11/12/2014 06:01:23 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/12/2014 04:59:03 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (11/12/2014 04:54:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/12/2014 07:07:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil

Error: (11/12/2014 07:07:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (11/12/2014 07:07:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (11/12/2014 07:05:27 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (11/12/2014 07:04:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (11/12/2014 07:04:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.MediaCenter.Bml, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
Microsoft.MediaCenter.Bml, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (11/12/2014 07:03:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil . Error code = 0x80070020
Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil

Error: (11/12/2014 07:03:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: mcplayerinterop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
mcplayerinterop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (11/12/2014 07:03:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (11/12/2014 07:02:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.MediaCenter.TV.Tuners.Interop, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
Microsoft.MediaCenter.TV.Tuners.Interop, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 61%
Total physical RAM: 1899.86 MB
Available physical RAM: 722.72 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 2040.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.47 GB) (Free:229.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

Advertisements

#17
Nevan
Posted 13 November 2014 - 10:29 AM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LarryDelos11.

Is the svchost problem still appearing? I'm asking because in the last FRST log I see that your memory usage is on proper level, so I assume that it is not.

Please answer my questions but also do the following:

Step #1
Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    oGHz2fO.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click the 4uwHOgV.png button. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
  • Click the HVS7vK4.png button.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click fxn8GTf.jpg
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
    TcWwbLS.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • Checkup.txt log content

  • 0

#18
LarryDelos11
Posted 13 November 2014 - 05:27 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Have not seen it again since last I mentioned. Will run the scans and go from there. Thanks again
  • 0

#19
LarryDelos11
Posted 13 November 2014 - 08:01 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi Nevan.  The svchost.exe file came back again when I first was on the internet just a moment ago.  I tried to start a FRST scan but the computer was too slow.  I rebooted and immediately readied the program until the file returned, which it did.  When I got on the internet again to come here it appeared.  I started the scan and waited a minute but then turned off the internet connection.  The svchost.exe file then went away so I don't know what the scan results will tell you, but here it is.  I am still working on the other scans. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Carol (administrator) on CAROL-HP on 13-11-2014 19:49:12
Running from C:\Users\Carol\Desktop
Loaded Profile: Carol (Available profiles: Carol)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adblock) C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2013-11-22] (Apple Computer, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WatchingService] => "c:\program files (x86)\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run C:\Program Files (x86)\D-Link\D-Link D-ViewCam\Bin
HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" RunWithWindows
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3904076736-4116430610-328848089-1000\...\MountPoints2: G - G:\TL-Bootstrap.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://172.10.99.70:...late/WebACS.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-08-13]
FF Extension: Ads Removal - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-11-12]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Search) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S3 wxpSvc; C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe [3326448 2014-07-15] (Moonware Studios)
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1393959501\mediadev.exe" [X]
S2 WinDevSrv; "C:\Users\Carol\AppData\Roaming\UpdateServ\UpdaterService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-17] (Avira Operations GmbH & Co. KG)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 17:11 - 2014-11-12 17:11 - 00000000 ____D () C:\Users\Carol\AppData\Local\{64096D6C-E693-4BAB-8D7A-E8495A8DD044}
2014-11-12 16:57 - 2014-11-13 19:51 - 00014139 _____ () C:\Users\Carol\Desktop\FRST.txt
2014-11-12 16:56 - 2014-11-12 21:48 - 00030069 _____ () C:\Users\Carol\Desktop\Addition.txt
2014-11-12 15:51 - 2014-11-12 15:51 - 00000000 __SHD () C:\Users\Carol\AppData\Local\EmieBrowserModeList
2014-11-12 15:41 - 2014-11-12 15:44 - 00000000 ____D () C:\AdwCleaner
2014-11-12 15:40 - 2014-11-12 15:40 - 00003902 _____ () C:\Users\Carol\Desktop\JRT.txt
2014-11-12 15:34 - 2014-11-12 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 15:24 - 2014-11-12 15:24 - 01706808 _____ (Thisisu) C:\Users\Carol\Desktop\JRT.exe
2014-11-12 14:56 - 2014-11-12 16:57 - 00015002 _____ () C:\Users\Carol\Desktop\Addition2.txt
2014-11-12 14:52 - 2014-11-12 16:56 - 00038002 _____ () C:\Users\Carol\Desktop\FRST2.txt
2014-11-12 14:45 - 2014-11-12 14:46 - 00001839 _____ () C:\Users\Carol\Desktop\computer fix 11-12-14.txt
2014-11-11 14:41 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 14:41 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 14:41 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 14:41 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 14:41 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 14:41 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 14:41 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 14:41 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 14:41 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 14:41 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 14:41 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 14:41 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 14:41 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 14:41 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 14:41 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 14:41 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 14:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 14:41 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 14:41 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:41 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 14:41 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 14:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:38 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 14:38 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 14:38 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 14:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 14:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 14:37 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:37 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:37 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:37 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 14:37 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 14:37 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 14:37 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:24 - 2014-11-11 14:28 - 00002124 _____ () C:\Users\Carol\Desktop\FSS1.txt
2014-11-11 14:22 - 2014-11-11 14:22 - 00002098 _____ () C:\Users\Carol\Downloads\fixlist.txt
2014-11-11 14:12 - 2014-11-11 14:15 - 00030773 _____ () C:\Users\Carol\Desktop\Addition1.txt
2014-11-11 13:52 - 2014-11-11 13:52 - 00415232 _____ (Farbar) C:\Users\Carol\Desktop\FSS.exe
2014-11-11 12:57 - 2014-11-11 12:57 - 00002327 _____ () C:\Users\Carol\Desktop\Geekstogo instructions.txt
2014-11-10 15:17 - 2014-11-10 15:17 - 02140160 _____ () C:\Users\Carol\Desktop\AdwCleaner.exe
2014-11-10 15:09 - 2014-11-11 14:15 - 00034308 _____ () C:\Users\Carol\Desktop\FRST1.txt
2014-11-10 15:09 - 2014-11-10 15:09 - 00027319 _____ () C:\Users\Carol\Desktop\FARBAR Addition.txt
2014-11-10 15:07 - 2014-11-10 15:08 - 00027319 _____ () C:\Users\Carol\Downloads\Addition.txt
2014-11-10 15:05 - 2014-11-13 19:49 - 00000000 ____D () C:\FRST
2014-11-10 15:05 - 2014-11-10 15:08 - 00031895 _____ () C:\Users\Carol\Downloads\FRST.txt
2014-11-10 15:03 - 2014-11-10 15:03 - 02116096 _____ (Farbar) C:\Users\Carol\Desktop\FRST64.exe
2014-11-10 15:01 - 2014-11-10 15:01 - 01107968 _____ (Farbar) C:\Users\Carol\Downloads\FRST.exe
2014-11-10 11:45 - 2014-11-10 11:45 - 00000529 _____ () C:\Users\Carol\Desktop\IObit Malware Fighter Report.log
2014-11-10 00:04 - 2014-11-10 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-09 23:59 - 2014-11-10 00:04 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-09 23:59 - 2014-11-09 23:59 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\IObit
2014-11-09 23:37 - 2014-11-09 23:39 - 32809520 _____ (IObit ) C:\Users\Carol\Downloads\IObit-Malware-Fighter-Setup.exe
2014-11-09 23:11 - 2014-11-09 23:11 - 00000000 _____ () C:\autoexec.bat
2014-11-09 21:49 - 2014-11-09 21:56 - 00602112 _____ (OldTimer Tools) C:\Users\Carol\Downloads\OTL.exe
2014-11-09 21:34 - 2014-11-09 21:47 - 00000321 _____ () C:\Users\Carol\Downloads\RegCureProSetup_e53615c_.exe
2014-11-09 21:22 - 2014-11-09 21:32 - 06209727 _____ (ParetoLogic, Inc.) C:\Users\Carol\Downloads\RegCureProSetup_e535a01_.exe.part
2014-11-09 21:21 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-09 21:15 - 2014-11-09 21:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Carol\Downloads\SpyHunter-Installer.exe
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-09 16:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-07 13:46 - 2014-11-07 20:05 - 00001681 _____ () C:\Users\Carol\Desktop\Invitation.msrcIncident
2014-11-07 13:10 - 2014-11-10 10:51 - 00000000 ____D () C:\ProgramData\IObit
2014-11-07 13:10 - 2014-11-07 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-26 22:17 - 2014-10-26 22:18 - 06254608 _____ (FixBliss) C:\Users\Carol\Downloads\SpeedFixTool-Setup.exe
2014-10-18 21:31 - 2014-10-18 21:31 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-10-18 21:31 - 2008-11-11 12:42 - 00033792 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64modem.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64gps.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64diag.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00017920 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64bus.sys
2014-10-17 10:57 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 10:57 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 10:54 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 21:33 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 21:33 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 21:33 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 21:33 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 21:33 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 21:33 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 21:30 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 21:30 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 19:50 - 2012-05-12 21:37 - 01626880 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 19:47 - 2012-10-20 18:46 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{25DD2188-DDE9-4E9D-A855-8222DB9D7D34}
2014-11-13 19:43 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 19:43 - 2009-07-13 22:51 - 00063251 _____ () C:\Windows\setupact.log
2014-11-13 19:40 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 19:40 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 19:33 - 2009-07-13 23:08 - 00032206 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 19:22 - 2014-06-27 14:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 22:14 - 2014-06-27 14:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 22:14 - 2013-11-03 10:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 22:14 - 2011-07-12 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 22:04 - 2012-10-20 18:46 - 00001413 _____ () C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-12 17:28 - 2014-09-19 21:28 - 00123904 ___SH () C:\Users\Carol\Desktop\Thumbs.db
2014-11-12 15:54 - 2009-07-13 23:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:47 - 2009-07-13 22:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:46 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 15:45 - 2010-11-20 21:47 - 00347562 _____ () C:\Windows\PFRO.log
2014-11-12 14:41 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\SoftGrid Client
2014-11-12 07:52 - 2014-07-17 19:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:44 - 2014-01-05 00:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 16:50 - 2014-09-19 21:28 - 00114176 ___SH () C:\Users\Carol\Downloads\Thumbs.db
2014-11-10 14:21 - 2013-11-06 18:39 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarol
2014-11-10 14:21 - 2013-11-06 18:39 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarol.job
2014-11-10 11:58 - 2014-04-11 13:01 - 00038792 _____ () C:\Users\Carol\Desktop\expense-reimbursement-form.xlsx
2014-11-09 21:16 - 2014-09-11 20:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-09 21:16 - 2014-08-13 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-09 21:16 - 2014-07-17 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-09 21:16 - 2014-07-17 13:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-09 14:40 - 2012-05-12 22:02 - 00000000 ____D () C:\ProgramData\Intel
2014-11-09 14:40 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-09 14:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-09 13:43 - 2012-10-20 18:17 - 00000000 ____D () C:\Users\Carol
2014-11-07 19:44 - 2013-11-06 18:41 - 00000000 ____D () C:\Users\Carol\AppData\Local\Windows Live Writer
2014-11-07 14:23 - 2013-12-06 14:06 - 00000000 ____D () C:\Users\Carol\AppData\Local\CrashDumps
2014-11-07 14:22 - 2013-11-28 13:36 - 00000000 ____D () C:\Users\Carol\Desktop\New folder
2014-10-18 21:31 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-14 05:29 - 2014-07-17 19:38 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 05:29 - 2014-07-17 13:34 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 05:29 - 2014-07-17 13:34 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Carol\AppData\Local\Temp\avgnt.exe
C:\Users\Carol\AppData\Local\Temp\Quarantine.exe
C:\Users\Carol\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 11:09

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Carol at 2014-11-13 19:52:09
Running from C:\Users\Carol\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DWACS 1.0.6.3 (HKLM-x32\...\ACS_is1) (Version: 1.0.6.3 - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IP Camera Viewer 1.0 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebACS 1.0.0.34 (HKLM-x32\...\WebACS_is1) (Version:  - WebACS)
webcamXP 5 (HKLM-x32\...\wLite) (Version: 5.8.5.0 - Moonware Studios)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

08-11-2014 02:34:41 Windows Modules Installer
08-11-2014 02:35:29 Windows Modules Installer
08-11-2014 02:56:06 Windows Modules Installer
08-11-2014 03:01:21 Windows Modules Installer
08-11-2014 03:22:03 Windows Modules Installer
08-11-2014 03:22:44 Windows Modules Installer
08-11-2014 11:38:12 Windows Update
09-11-2014 04:27:52 Restore Operation
10-11-2014 16:56:12 Windows Update
11-11-2014 14:12:50 Windows Update
12-11-2014 13:37:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {164C7DE4-A84D-49BC-AC16-82468DF88991} - System32\Tasks\HPCeeScheduleForCarol => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {19052654-54F3-4B88-BFF7-F26E414BDA9A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {1CFE4E98-8638-487F-BF38-9D6355FB0133} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {594E6A8E-894C-43E5-A660-6BA6A4FB2C83} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {5BA632FF-57B6-445A-A709-B75275E08DB4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5FDCD1E1-B410-4BD3-9F19-8E2F9693B8BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {CF14D93D-CC31-473B-81F1-600A9E5A6F61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D1D273E4-4D7A-4738-A99B-9EF9AD93E81A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D8B187B2-3820-4024-B102-9348A6F5CDE8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCarol.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-07 13:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-11-09 23:59 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-11-09 23:59 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-05-12 21:37 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3904076736-4116430610-328848089-500 - Administrator - Disabled)
Carol (S-1-5-21-3904076736-4116430610-328848089-1000 - Administrator - Enabled) => C:\Users\Carol
Guest (S-1-5-21-3904076736-4116430610-328848089-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3904076736-4116430610-328848089-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2014 07:45:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 07:35:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 07:22:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40461668

Error: (11/13/2014 07:22:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40461668

Error: (11/13/2014 07:22:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 07:07:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:07:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (11/12/2014 07:07:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

Error: (11/12/2014 07:05:27 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020

Error: (11/12/2014 07:04:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020

System errors:
=============
Error: (11/13/2014 07:43:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/13/2014 07:43:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:42:24 PM on ‎11/‎13/‎2014 was unexpected.

Error: (11/13/2014 07:40:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (11/13/2014 07:40:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (11/13/2014 07:39:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (11/13/2014 07:39:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/13/2014 07:37:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (11/13/2014 07:37:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/13/2014 07:37:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (11/13/2014 07:36:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Microsoft Office Sessions:
=========================
Error: (11/13/2014 07:45:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 07:35:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/13/2014 07:22:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40461668

Error: (11/13/2014 07:22:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40461668

Error: (11/13/2014 07:22:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2014 07:07:39 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil . Error code = 0x80070020
System.DirectoryServices.AccountManagement, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil

Error: (11/12/2014 07:07:30 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (11/12/2014 07:07:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (11/12/2014 07:05:27 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070020
Microsoft.PowerShell.GPowerShell, Version=1.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (11/12/2014 07:04:24 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020
System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 85%
Total physical RAM: 1899.86 MB
Available physical RAM: 280.28 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 1997.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.47 GB) (Free:229.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

#20
LarryDelos11
Posted 14 November 2014 - 11:22 AM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi Nevan, I'm having trouble running the ESET online scan.  Once I "accept' the terms and hit the start, it seems to get stuck in the window that opens.  Then the svchost.exe file begins to run and takes up enormous amounts of memory.  The processes it's running are all netsvcs.  Funny thing is when I shut it down in time, my computer runs fine.  Makes me think it's just sharing all my computer info with whatever/whomever is driving the processes.... but that's just my thinking. 

 

Here is the first scan. 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/13/2014
Scan Time: 8:18:58 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.13.11
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Carol

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345898
Time Elapsed: 26 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.UpdateService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEVSRV, Quarantined, [0cdd59e1c3b90333a88110560bf8b54b],

Registry Values: 1
PUP.Optional.UpdateService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDEVSRV|ImagePath, "C:\Users\Carol\AppData\Roaming\UpdateServ\UpdaterService.exe", Quarantined, [0cdd59e1c3b90333a88110560bf8b54b]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.Optional.StartSavin.A, C:\Program Files (x86)\runonce\StartSavin.exe, Quarantined, [b53476c45527b77f3318751c02ff40c0],
PUP.Optional.Softonic.A, C:\Users\Carol\Downloads\SoftonicDownloader_for_ip-camera-viewer.exe, Quarantined, [4b9e56e48def0a2cb57b2316946dbc44],
PUP.Optional.Softonic.A, C:\Users\Carol\Downloads\SoftonicDownloader_for_sweet-home-3d (1).exe, Quarantined, [07e26dcd0a72251177b97ebbc33e7c84],
PUP.Optional.Softonic.A, C:\Users\Carol\Downloads\SoftonicDownloader_for_sweet-home-3d.exe, Quarantined, [4b9eca70e19b61d554dc1623e41d9070],
PUP.Optional.InstallCore, C:\Users\Carol\Desktop\DdARRYL\Converters\httpwww.freefileviewer.comdownloading.html\FreeFileViewerSetup.exe, Quarantined, [e00986b41666df57f1c37184e91bbe42],

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#21
LarryDelos11
Posted 14 November 2014 - 12:05 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here is scan#3.  If the svchost.exe is not a virus, is there a way to stop all the services running in the background? 

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avira Desktop  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 15.0.0.152 
 Adobe Reader XI 
 Mozilla Firefox 30.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 IObit IObit Malware Fighter IMFsrv.exe 
 IObit IObit Malware Fighter IMF.exe 
 IObit IObit Malware Fighter adsremoval IE\Adblock.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
 


  • 0

#22
Nevan
Posted 14 November 2014 - 02:05 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LarryDelos11.

Thank you for providing so much information about how your computer has been so far.
 

If the svchost.exe is not a virus, is there a way to stop all the services running in the background?

It still might be some infection that uses svchost.

There still are some entries in FRST that we need to take care of. Please, tell me if there's any difference after performing the fix.

 
Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   471bytes   193 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content

  • 0

#23
LarryDelos11
Posted 14 November 2014 - 07:06 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here are the reports.  The svchost.exe file came up while the second scan was running.  I'm off to shut 'er down!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Carol at 2014-11-14 18:52:47 Run:3
Running from C:\Users\Carol\Desktop
Loaded Profile: Carol (Available profiles: Carol)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1393959501\mediadev.exe" [X]
S2 WinDevSrv; "C:\Users\Carol\AppData\Roaming\UpdateServ\UpdaterService.exe" [X]
HKU\S-1-5-21-3904076736-4116430610-328848089-1000\...\MountPoints2: G - G:\TL-Bootstrap.exe
2014-11-12 17:11 - 2014-11-12 17:11 - 00000000 ____D () C:\Users\Carol\AppData\Local\{64096D6C-E693-4BAB-8D7A-E8495A8DD044}
2014-11-09 23:11 - 2014-11-09 23:11 - 00000000 _____ () C:\autoexec.bat
EmptyTemp:
*****************

Processes closed successfully.
MediaDevSrv => Service deleted successfully.
WinDevSrv => Service not found.
"HKU\S-1-5-21-3904076736-4116430610-328848089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3904076736-4116430610-328848089-1000" => Key not found.
C:\Users\Carol\AppData\Local\{64096D6C-E693-4BAB-8D7A-E8495A8DD044} => Moved successfully.
C:\autoexec.bat => Moved successfully.
EmptyTemp: => Removed 299.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Carol (administrator) on CAROL-HP on 14-11-2014 18:56:45
Running from C:\Users\Carol\Desktop
Loaded Profile: Carol (Available profiles: Carol)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2013-11-22] (Apple Computer, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WatchingService] => "c:\program files (x86)\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run C:\Program Files (x86)\D-Link\D-Link D-ViewCam\Bin
HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" RunWithWindows
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3904076736-4116430610-328848089-1000\...\MountPoints2: G - G:\TL-Bootstrap.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
Toolbar: HKU\S-1-5-21-3904076736-4116430610-328848089-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://172.10.99.70:...late/WebACS.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-08-13]
FF Extension: Ads Removal - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-11-12]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Search) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Ads Removal) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-11-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S3 wxpSvc; C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe [3326448 2014-07-15] (Moonware Studios)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-17] (Avira Operations GmbH & Co. KG)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 11:51 - 2014-11-14 11:53 - 00854448 _____ () C:\Users\Carol\Desktop\SecurityCheck.exe
2014-11-13 21:40 - 2014-11-14 18:47 - 00000000 ____D () C:\Users\Carol\Desktop\FRST-OlderVersion
2014-11-13 20:53 - 2014-11-13 20:53 - 00000274 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{25DD2188-DDE9-4E9D-A855-8222DB9D7D34}.job
2014-11-13 20:15 - 2014-11-13 20:15 - 00001862 _____ () C:\Users\Carol\Desktop\Malware instructions2.txt
2014-11-13 20:15 - 2014-11-13 20:15 - 00000930 _____ () C:\Users\Carol\Desktop\Malware instructions.txt
2014-11-13 20:08 - 2014-11-14 11:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 20:08 - 2014-11-13 20:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-13 20:08 - 2014-11-13 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 20:08 - 2014-11-13 20:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 20:08 - 2014-11-13 20:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-13 20:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-13 20:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-13 20:08 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-13 20:03 - 2014-11-13 20:04 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Carol\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-12 16:57 - 2014-11-14 18:58 - 00013525 _____ () C:\Users\Carol\Desktop\FRST.txt
2014-11-12 16:56 - 2014-11-13 21:56 - 00025771 _____ () C:\Users\Carol\Desktop\Addition.txt
2014-11-12 15:51 - 2014-11-12 15:51 - 00000000 __SHD () C:\Users\Carol\AppData\Local\EmieBrowserModeList
2014-11-12 15:41 - 2014-11-12 15:44 - 00000000 ____D () C:\AdwCleaner
2014-11-12 15:40 - 2014-11-12 15:40 - 00003902 _____ () C:\Users\Carol\Desktop\JRT.txt
2014-11-12 15:34 - 2014-11-12 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 15:24 - 2014-11-12 15:24 - 01706808 _____ (Thisisu) C:\Users\Carol\Desktop\JRT.exe
2014-11-12 14:56 - 2014-11-12 16:57 - 00015002 _____ () C:\Users\Carol\Desktop\Addition2.txt
2014-11-12 14:52 - 2014-11-12 16:56 - 00038002 _____ () C:\Users\Carol\Desktop\FRST2.txt
2014-11-12 14:45 - 2014-11-12 14:46 - 00001839 _____ () C:\Users\Carol\Desktop\computer fix 11-12-14.txt
2014-11-11 14:41 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 14:41 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 14:41 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 14:41 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 14:41 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 14:41 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 14:41 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 14:41 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 14:41 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 14:41 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 14:41 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 14:41 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 14:41 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 14:41 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 14:41 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 14:41 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 14:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 14:41 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 14:41 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:41 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 14:41 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 14:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:38 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 14:38 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 14:38 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 14:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 14:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 14:37 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:37 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:37 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:37 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 14:37 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 14:37 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 14:37 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:24 - 2014-11-11 14:28 - 00002124 _____ () C:\Users\Carol\Desktop\FSS1.txt
2014-11-11 14:22 - 2014-11-11 14:22 - 00002098 _____ () C:\Users\Carol\Downloads\fixlist.txt
2014-11-11 14:12 - 2014-11-11 14:15 - 00030773 _____ () C:\Users\Carol\Desktop\Addition1.txt
2014-11-11 13:52 - 2014-11-11 13:52 - 00415232 _____ (Farbar) C:\Users\Carol\Desktop\FSS.exe
2014-11-11 12:57 - 2014-11-11 12:57 - 00002327 _____ () C:\Users\Carol\Desktop\Geekstogo instructions.txt
2014-11-10 15:17 - 2014-11-10 15:17 - 02140160 _____ () C:\Users\Carol\Desktop\AdwCleaner.exe
2014-11-10 15:09 - 2014-11-11 14:15 - 00034308 _____ () C:\Users\Carol\Desktop\FRST1.txt
2014-11-10 15:09 - 2014-11-10 15:09 - 00027319 _____ () C:\Users\Carol\Desktop\FARBAR Addition.txt
2014-11-10 15:07 - 2014-11-10 15:08 - 00027319 _____ () C:\Users\Carol\Downloads\Addition.txt
2014-11-10 15:05 - 2014-11-14 18:56 - 00000000 ____D () C:\FRST
2014-11-10 15:05 - 2014-11-10 15:08 - 00031895 _____ () C:\Users\Carol\Downloads\FRST.txt
2014-11-10 15:03 - 2014-11-14 18:47 - 02116608 _____ (Farbar) C:\Users\Carol\Desktop\FRST64.exe
2014-11-10 15:01 - 2014-11-10 15:01 - 01107968 _____ (Farbar) C:\Users\Carol\Downloads\FRST.exe
2014-11-10 11:45 - 2014-11-10 11:45 - 00000529 _____ () C:\Users\Carol\Desktop\IObit Malware Fighter Report.log
2014-11-10 00:04 - 2014-11-10 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-09 23:59 - 2014-11-10 00:04 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-09 23:59 - 2014-11-09 23:59 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\IObit
2014-11-09 23:37 - 2014-11-09 23:39 - 32809520 _____ (IObit ) C:\Users\Carol\Downloads\IObit-Malware-Fighter-Setup.exe
2014-11-09 21:49 - 2014-11-09 21:56 - 00602112 _____ (OldTimer Tools) C:\Users\Carol\Downloads\OTL.exe
2014-11-09 21:34 - 2014-11-09 21:47 - 00000321 _____ () C:\Users\Carol\Downloads\RegCureProSetup_e53615c_.exe
2014-11-09 21:22 - 2014-11-09 21:32 - 06209727 _____ (ParetoLogic, Inc.) C:\Users\Carol\Downloads\RegCureProSetup_e535a01_.exe.part
2014-11-09 21:21 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-09 21:15 - 2014-11-09 21:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Carol\Downloads\SpyHunter-Installer.exe
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-09 16:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-07 13:46 - 2014-11-07 20:05 - 00001681 _____ () C:\Users\Carol\Desktop\Invitation.msrcIncident
2014-11-07 13:10 - 2014-11-10 10:51 - 00000000 ____D () C:\ProgramData\IObit
2014-11-07 13:10 - 2014-11-07 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-26 22:17 - 2014-10-26 22:18 - 06254608 _____ (FixBliss) C:\Users\Carol\Downloads\SpeedFixTool-Setup.exe
2014-10-18 21:31 - 2014-10-18 21:31 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-10-18 21:31 - 2008-11-11 12:42 - 00033792 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64modem.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64gps.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64diag.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00017920 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64bus.sys
2014-10-17 10:57 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 10:57 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 10:54 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 21:33 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 21:33 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 21:33 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 21:33 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 21:33 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 21:33 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 21:30 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 21:30 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 18:55 - 2014-09-19 21:28 - 00123904 ___SH () C:\Users\Carol\Desktop\Thumbs.db
2014-11-14 18:54 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 18:54 - 2009-07-13 22:51 - 00063979 _____ () C:\Windows\setupact.log
2014-11-14 18:53 - 2012-05-12 21:37 - 01751949 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 18:14 - 2014-06-27 14:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 18:10 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 18:10 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 18:02 - 2013-11-06 18:39 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarol.job
2014-11-14 11:18 - 2009-07-13 23:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 20:56 - 2010-11-20 21:47 - 00349730 _____ () C:\Windows\PFRO.log
2014-11-13 20:48 - 2007-01-01 19:25 - 00000000 ____D () C:\Windows\Panther
2014-11-13 20:46 - 2014-01-08 23:07 - 00000000 ____D () C:\Program Files (x86)\runonce
2014-11-13 19:47 - 2012-10-20 18:46 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{25DD2188-DDE9-4E9D-A855-8222DB9D7D34}
2014-11-12 22:14 - 2014-06-27 14:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 22:14 - 2013-11-03 10:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 22:14 - 2011-07-12 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 22:04 - 2012-10-20 18:46 - 00001413 _____ () C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-12 15:54 - 2009-07-13 23:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:47 - 2009-07-13 22:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:46 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 14:41 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\SoftGrid Client
2014-11-12 07:52 - 2014-07-17 19:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:44 - 2014-01-05 00:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 16:50 - 2014-09-19 21:28 - 00114176 ___SH () C:\Users\Carol\Downloads\Thumbs.db
2014-11-10 14:21 - 2013-11-06 18:39 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarol
2014-11-10 11:58 - 2014-04-11 13:01 - 00038792 _____ () C:\Users\Carol\Desktop\expense-reimbursement-form.xlsx
2014-11-09 21:16 - 2014-09-11 20:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-09 21:16 - 2014-08-13 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-09 21:16 - 2014-07-17 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-09 21:16 - 2014-07-17 13:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-09 14:40 - 2012-05-12 22:02 - 00000000 ____D () C:\ProgramData\Intel
2014-11-09 14:40 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-09 14:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-09 13:43 - 2012-10-20 18:17 - 00000000 ____D () C:\Users\Carol
2014-11-07 19:44 - 2013-11-06 18:41 - 00000000 ____D () C:\Users\Carol\AppData\Local\Windows Live Writer
2014-11-07 14:23 - 2013-12-06 14:06 - 00000000 ____D () C:\Users\Carol\AppData\Local\CrashDumps
2014-11-07 14:22 - 2013-11-28 13:36 - 00000000 ____D () C:\Users\Carol\Desktop\New folder
2014-10-18 21:31 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\Carol\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 11:09

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Carol at 2014-11-14 18:58:47
Running from C:\Users\Carol\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DWACS 1.0.6.3 (HKLM-x32\...\ACS_is1) (Version: 1.0.6.3 - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IP Camera Viewer 1.0 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebACS 1.0.0.34 (HKLM-x32\...\WebACS_is1) (Version:  - WebACS)
webcamXP 5 (HKLM-x32\...\wLite) (Version: 5.8.5.0 - Moonware Studios)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

08-11-2014 02:34:41 Windows Modules Installer
08-11-2014 02:35:29 Windows Modules Installer
08-11-2014 02:56:06 Windows Modules Installer
08-11-2014 03:01:21 Windows Modules Installer
08-11-2014 03:22:03 Windows Modules Installer
08-11-2014 03:22:44 Windows Modules Installer
08-11-2014 11:38:12 Windows Update
09-11-2014 04:27:52 Restore Operation
10-11-2014 16:56:12 Windows Update
11-11-2014 14:12:50 Windows Update
12-11-2014 13:37:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {164C7DE4-A84D-49BC-AC16-82468DF88991} - System32\Tasks\HPCeeScheduleForCarol => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {19052654-54F3-4B88-BFF7-F26E414BDA9A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {1CFE4E98-8638-487F-BF38-9D6355FB0133} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {594E6A8E-894C-43E5-A660-6BA6A4FB2C83} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {5BA632FF-57B6-445A-A709-B75275E08DB4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5FDCD1E1-B410-4BD3-9F19-8E2F9693B8BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {CF14D93D-CC31-473B-81F1-600A9E5A6F61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D1D273E4-4D7A-4738-A99B-9EF9AD93E81A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D8B187B2-3820-4024-B102-9348A6F5CDE8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCarol.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{25DD2188-DDE9-4E9D-A855-8222DB9D7D34}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-07 13:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-11-09 23:59 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-11-09 23:59 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-05-12 21:37 - 2010-09-13 19:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3904076736-4116430610-328848089-500 - Administrator - Disabled)
Carol (S-1-5-21-3904076736-4116430610-328848089-1000 - Administrator - Enabled) => C:\Users\Carol
Guest (S-1-5-21-3904076736-4116430610-328848089-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3904076736-4116430610-328848089-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 06:56:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 06:03:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 06:02:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (11/14/2014 11:20:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 11:13:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:35:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:22:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41445441

Error: (11/14/2014 10:22:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41445441

Error: (11/14/2014 10:22:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2014 10:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/14/2014 06:54:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/14/2014 06:53:18 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/14/2014 06:52:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/14/2014 06:52:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/14/2014 06:52:50 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/14/2014 06:52:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/14/2014 06:52:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/14/2014 06:52:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/14/2014 06:52:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/14/2014 06:52:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/14/2014 06:56:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 06:03:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 06:02:48 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (11/14/2014 11:20:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 11:13:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:35:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2014 10:22:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41445441

Error: (11/14/2014 10:22:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41445441

Error: (11/14/2014 10:22:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2014 10:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 93%
Total physical RAM: 1899.86 MB
Available physical RAM: 131.49 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 1680.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.47 GB) (Free:229.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

#24
Nevan
Posted 15 November 2014 - 01:16 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LarryDelos11.

I'm sorry but we need another fix. Please tell me if the problem is still there after performing it.

FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   66bytes   112 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if the problem is still there

  • 0

#25
LarryDelos11
Posted 15 November 2014 - 08:35 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here is the fix.  It hasn't come since I logged on a few minutes ago to run this fix.  Pray for me, I'm not convinced yet:)  Will let you know further after I take it for a test spin.  Thanks Nevan. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Carol at 2014-11-15 20:29:05 Run:4
Running from C:\Users\Carol\Desktop
Loaded Profiles: Carol (Available profiles: Carol)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Carol\AppData\Roaming\UpdateServ
C:\ProgramData\MediaDev
*****************

"C:\Users\Carol\AppData\Roaming\UpdateServ" => File/Directory not found.
"C:\ProgramData\MediaDev" => File/Directory not found.

==== End of Fixlog ====


  • 0

Advertisements

#26
LarryDelos11
Posted 16 November 2014 - 01:16 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Good Afternoon Nevan.  Well, it came back again minutes ago.  It did allow me to "end process" and close it down though.  I'll wait to hear from you.


  • 0

#27
LarryDelos11
Posted 16 November 2014 - 01:29 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

oops, double post  *******deleted*******


Edited by LarryDelos11, 16 November 2014 - 09:16 PM.

  • 0

#28
LarryDelos11
Posted 16 November 2014 - 09:12 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here is another scan since the svchost.exe came back.  Tried running it while svchost.exe was active but the scan stopped working. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Carol (administrator) on CAROL-HP on 16-11-2014 14:12:08
Running from C:\Users\Carol\Desktop
Loaded Profile: Carol (Available profiles: Carol)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2013-11-22] (Apple Computer, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [WatchingService] => "c:\program files (x86)\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run C:\Program Files (x86)\D-Link\D-Link D-ViewCam\Bin
HKLM-x32\...\Run: ["C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE"] => "C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE" RunWithWindows
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3904076736-4116430610-328848089-1000\...\MountPoints2: G - G:\TL-Bootstrap.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKLM-x32 - {0E7F5DCC-5175-4ED9-AE82-C84450302BDC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
Toolbar: HKU\S-1-5-21-3904076736-4116430610-328848089-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BB28FF6E-2BF3-4897-9931-7CDFFAF09670} http://172.10.99.70:...late/WebACS.cab

FireFox:
========
FF ProfilePath: C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-08-13]
FF Extension: Ads Removal - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\7kv9468o.default\Extensions\[email protected] [2014-11-15]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Search) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Ads Removal) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-11-14]
CHR Extension: (Norton Identity Protection) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Carol\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S3 wxpSvc; C:\Program Files (x86)\webcamXP5\webcamXP.Service.exe [3326448 2014-07-15] (Moonware Studios)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-17] (Avira Operations GmbH & Co. KG)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 14:12 - 2014-11-16 14:13 - 00013510 _____ () C:\Users\Carol\Desktop\FRST.txt
2014-11-16 13:51 - 2014-11-16 14:07 - 00014705 _____ () C:\Users\Carol\Desktop\Addition.txt
2014-11-14 11:51 - 2014-11-14 11:53 - 00854448 _____ () C:\Users\Carol\Desktop\SecurityCheck.exe
2014-11-13 21:40 - 2014-11-14 18:47 - 00000000 ____D () C:\Users\Carol\Desktop\FRST-OlderVersion
2014-11-13 20:15 - 2014-11-13 20:15 - 00001862 _____ () C:\Users\Carol\Desktop\Malware instructions2.txt
2014-11-13 20:15 - 2014-11-13 20:15 - 00000930 _____ () C:\Users\Carol\Desktop\Malware instructions.txt
2014-11-13 20:08 - 2014-11-15 08:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 20:08 - 2014-11-13 20:08 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-13 20:08 - 2014-11-13 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-13 20:08 - 2014-11-13 20:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-13 20:08 - 2014-11-13 20:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-13 20:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-13 20:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-13 20:08 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-13 20:03 - 2014-11-13 20:04 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Carol\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-12 16:57 - 2014-11-16 13:51 - 00038796 _____ () C:\Users\Carol\Desktop\FRST3.txt
2014-11-12 16:56 - 2014-11-14 19:07 - 00026740 _____ () C:\Users\Carol\Desktop\Addition3.txt
2014-11-12 15:51 - 2014-11-12 15:51 - 00000000 __SHD () C:\Users\Carol\AppData\Local\EmieBrowserModeList
2014-11-12 15:41 - 2014-11-12 15:44 - 00000000 ____D () C:\AdwCleaner
2014-11-12 15:40 - 2014-11-12 15:40 - 00003902 _____ () C:\Users\Carol\Desktop\JRT.txt
2014-11-12 15:34 - 2014-11-12 15:34 - 00000000 ____D () C:\Windows\ERUNT
2014-11-12 15:24 - 2014-11-12 15:24 - 01706808 _____ (Thisisu) C:\Users\Carol\Desktop\JRT.exe
2014-11-12 14:56 - 2014-11-12 16:57 - 00015002 _____ () C:\Users\Carol\Desktop\Addition2.txt
2014-11-12 14:52 - 2014-11-12 16:56 - 00038002 _____ () C:\Users\Carol\Desktop\FRST2.txt
2014-11-12 14:45 - 2014-11-12 14:46 - 00001839 _____ () C:\Users\Carol\Desktop\computer fix 11-12-14.txt
2014-11-11 14:41 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 14:41 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 14:41 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 14:41 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 14:41 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 14:41 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 14:41 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 14:41 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 14:41 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 14:41 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 14:41 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 14:41 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 14:41 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 14:41 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 14:41 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 14:41 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 14:41 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 14:41 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 14:41 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 14:41 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 14:41 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 14:41 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 14:41 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 14:41 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 14:41 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 14:41 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 14:41 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 14:41 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 14:41 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 14:41 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 14:41 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 14:41 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 14:41 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 14:41 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 14:41 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 14:41 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:41 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 14:41 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:41 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:41 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:41 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 14:41 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 14:41 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:41 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:38 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:38 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:38 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 14:38 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 14:38 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 14:38 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:38 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 14:38 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 14:38 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 14:37 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:37 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:37 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:37 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 14:37 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 14:37 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 14:37 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:24 - 2014-11-11 14:28 - 00002124 _____ () C:\Users\Carol\Desktop\FSS1.txt
2014-11-11 14:22 - 2014-11-11 14:22 - 00002098 _____ () C:\Users\Carol\Downloads\fixlist.txt
2014-11-11 14:12 - 2014-11-11 14:15 - 00030773 _____ () C:\Users\Carol\Desktop\Addition1.txt
2014-11-11 13:52 - 2014-11-11 13:52 - 00415232 _____ (Farbar) C:\Users\Carol\Desktop\FSS.exe
2014-11-11 12:57 - 2014-11-11 12:57 - 00002327 _____ () C:\Users\Carol\Desktop\Geekstogo instructions.txt
2014-11-10 15:17 - 2014-11-10 15:17 - 02140160 _____ () C:\Users\Carol\Desktop\AdwCleaner.exe
2014-11-10 15:09 - 2014-11-11 14:15 - 00034308 _____ () C:\Users\Carol\Desktop\FRST1.txt
2014-11-10 15:09 - 2014-11-10 15:09 - 00027319 _____ () C:\Users\Carol\Desktop\FARBAR Addition.txt
2014-11-10 15:07 - 2014-11-10 15:08 - 00027319 _____ () C:\Users\Carol\Downloads\Addition.txt
2014-11-10 15:05 - 2014-11-16 14:12 - 00000000 ____D () C:\FRST
2014-11-10 15:05 - 2014-11-10 15:08 - 00031895 _____ () C:\Users\Carol\Downloads\FRST.txt
2014-11-10 15:03 - 2014-11-14 18:47 - 02116608 _____ (Farbar) C:\Users\Carol\Desktop\FRST64.exe
2014-11-10 15:01 - 2014-11-10 15:01 - 01107968 _____ (Farbar) C:\Users\Carol\Downloads\FRST.exe
2014-11-10 00:04 - 2014-11-10 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-11-09 23:59 - 2014-11-10 00:04 - 00001173 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-11-09 23:59 - 2014-11-09 23:59 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\IObit
2014-11-09 23:37 - 2014-11-09 23:39 - 32809520 _____ (IObit ) C:\Users\Carol\Downloads\IObit-Malware-Fighter-Setup.exe
2014-11-09 21:49 - 2014-11-09 21:56 - 00602112 _____ (OldTimer Tools) C:\Users\Carol\Downloads\OTL.exe
2014-11-09 21:34 - 2014-11-09 21:47 - 00000321 _____ () C:\Users\Carol\Downloads\RegCureProSetup_e53615c_.exe
2014-11-09 21:22 - 2014-11-09 21:32 - 06209727 _____ (ParetoLogic, Inc.) C:\Users\Carol\Downloads\RegCureProSetup_e535a01_.exe.part
2014-11-09 21:21 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-09 21:21 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-09 21:15 - 2014-11-09 21:15 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Carol\Downloads\SpyHunter-Installer.exe
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-09 16:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-09 16:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-11-09 16:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-07 13:46 - 2014-11-07 20:05 - 00001681 _____ () C:\Users\Carol\Desktop\Invitation.msrcIncident
2014-11-07 13:10 - 2014-11-10 10:51 - 00000000 ____D () C:\ProgramData\IObit
2014-11-07 13:10 - 2014-11-07 13:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-26 22:17 - 2014-10-26 22:18 - 06254608 _____ (FixBliss) C:\Users\Carol\Downloads\SpeedFixTool-Setup.exe
2014-10-18 21:31 - 2014-10-18 21:31 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-10-18 21:31 - 2008-11-11 12:42 - 00033792 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64modem.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64gps.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00027136 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64diag.sys
2014-10-18 21:31 - 2008-11-11 12:42 - 00017920 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgx64bus.sys
2014-10-17 10:57 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 10:57 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 10:54 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 14:14 - 2014-06-27 14:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 14:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 14:10 - 2009-07-13 22:51 - 00064819 _____ () C:\Windows\setupact.log
2014-11-16 13:51 - 2012-05-12 21:37 - 02052617 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 13:51 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 13:51 - 2009-07-13 22:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 13:47 - 2009-07-13 23:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-15 20:52 - 2012-10-20 18:46 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{25DD2188-DDE9-4E9D-A855-8222DB9D7D34}
2014-11-15 06:49 - 2014-07-17 22:57 - 00000000 ____D () C:\Users\Carol\AppData\Roaming\SoftGrid Client
2014-11-14 20:23 - 2013-10-27 17:59 - 00000000 ____D () C:\Users\Carol\Desktop\DdARRYL
2014-11-14 20:21 - 2013-11-06 18:39 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCarol
2014-11-14 20:21 - 2013-11-06 18:39 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForCarol.job
2014-11-14 18:55 - 2014-09-19 21:28 - 00123904 ___SH () C:\Users\Carol\Desktop\Thumbs.db
2014-11-13 20:56 - 2010-11-20 21:47 - 00349730 _____ () C:\Windows\PFRO.log
2014-11-13 20:48 - 2007-01-01 19:25 - 00000000 ____D () C:\Windows\Panther
2014-11-13 20:46 - 2014-01-08 23:07 - 00000000 ____D () C:\Program Files (x86)\runonce
2014-11-12 22:14 - 2014-06-27 14:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 22:14 - 2013-11-03 10:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 22:14 - 2011-07-12 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 22:04 - 2012-10-20 18:46 - 00001413 _____ () C:\Users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-12 15:54 - 2009-07-13 23:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:47 - 2009-07-13 22:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 15:46 - 2014-05-07 05:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 07:52 - 2014-07-17 19:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 07:44 - 2014-01-05 00:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 16:50 - 2014-09-19 21:28 - 00114176 ___SH () C:\Users\Carol\Downloads\Thumbs.db
2014-11-10 11:58 - 2014-04-11 13:01 - 00038792 _____ () C:\Users\Carol\Desktop\expense-reimbursement-form.xlsx
2014-11-09 21:16 - 2014-09-11 20:41 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-09 21:16 - 2014-08-13 20:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-09 21:16 - 2014-07-17 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-09 21:16 - 2014-07-17 13:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-09 14:41 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-09 14:40 - 2012-05-12 22:02 - 00000000 ____D () C:\ProgramData\Intel
2014-11-09 14:40 - 2011-07-12 21:32 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-09 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-09 14:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-11-09 13:43 - 2012-10-20 18:17 - 00000000 ____D () C:\Users\Carol
2014-11-07 19:44 - 2013-11-06 18:41 - 00000000 ____D () C:\Users\Carol\AppData\Local\Windows Live Writer
2014-11-07 14:23 - 2013-12-06 14:06 - 00000000 ____D () C:\Users\Carol\AppData\Local\CrashDumps
2014-11-07 14:22 - 2013-11-28 13:36 - 00000000 ____D () C:\Users\Carol\Desktop\New folder
2014-10-18 21:31 - 2011-07-12 21:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

Some content of TEMP:
====================
C:\Users\Carol\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 11:09

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Carol at 2014-11-16 14:14:43
Running from C:\Users\Carol\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DWACS 1.0.6.3 (HKLM-x32\...\ACS_is1) (Version: 1.0.6.3 - )
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
e-Sword (HKLM-x32\...\{294B365B-32EF-49EE-99B3-A00558DC76E5}) (Version: 10.02.0001 - Rick Meyers)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IP Camera Viewer 1.0 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WebACS 1.0.0.34 (HKLM-x32\...\WebACS_is1) (Version:  - WebACS)
webcamXP 5 (HKLM-x32\...\wLite) (Version: 5.8.5.0 - Moonware Studios)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

08-11-2014 03:01:21 Windows Modules Installer
08-11-2014 03:22:03 Windows Modules Installer
08-11-2014 03:22:44 Windows Modules Installer
08-11-2014 11:38:12 Windows Update
09-11-2014 04:27:52 Restore Operation
10-11-2014 16:56:12 Windows Update
11-11-2014 14:12:50 Windows Update
12-11-2014 13:37:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {164C7DE4-A84D-49BC-AC16-82468DF88991} - System32\Tasks\HPCeeScheduleForCarol => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {19052654-54F3-4B88-BFF7-F26E414BDA9A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {1CFE4E98-8638-487F-BF38-9D6355FB0133} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {594E6A8E-894C-43E5-A660-6BA6A4FB2C83} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {5BA632FF-57B6-445A-A709-B75275E08DB4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5FDCD1E1-B410-4BD3-9F19-8E2F9693B8BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {CF14D93D-CC31-473B-81F1-600A9E5A6F61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D1D273E4-4D7A-4738-A99B-9EF9AD93E81A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {D8B187B2-3820-4024-B102-9348A6F5CDE8} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {DDC2BD29-3B95-4F4E-8346-70E67BF3DEA6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCarol.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-07 13:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-11-07 13:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-11-09 23:59 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-11-09 23:59 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-11-09 23:59 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3904076736-4116430610-328848089-500 - Administrator - Disabled)
Carol (S-1-5-21-3904076736-4116430610-328848089-1000 - Administrator - Enabled) => C:\Users\Carol
Guest (S-1-5-21-3904076736-4116430610-328848089-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3904076736-4116430610-328848089-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 02:14:04 PM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (11/16/2014 02:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:57:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (11/16/2014 01:49:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:44:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:38:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:34:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:22:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:14:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/16/2014 02:11:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/16/2014 02:10:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:09:42 PM on ‎11/‎16/‎2014 was unexpected.

Error: (11/16/2014 02:06:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

Error: (11/16/2014 02:05:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (11/16/2014 02:04:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (11/16/2014 02:04:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

Error: (11/16/2014 01:58:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

Error: (11/16/2014 01:57:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

Error: (11/16/2014 01:57:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (11/16/2014 01:56:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

Microsoft Office Sessions:
=========================
Error: (11/16/2014 02:14:04 PM) (Source: IAStorDataMgrSvc) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (11/16/2014 02:12:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:57:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error:  Initialization failed 0x80080005 Type: 88::UnexpectedError.

Error: (11/16/2014 01:49:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:44:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:38:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:34:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:22:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 01:14:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B800 @ 1.50GHz
Percentage of memory in use: 55%
Total physical RAM: 1899.86 MB
Available physical RAM: 837.57 MB
Total Pagefile: 3799.72 MB
Available Pagefile: 2452 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:279.47 GB) (Free:229.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.46 GB) (Free:1.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E9B0A126)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=279.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================


  • 0

#29
Nevan
Posted 17 November 2014 - 12:19 PM

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, LarryDelos11

Let's try to find what causes this svchost.exe to eat so much memory.
  • Download Process Explorer to your Desktop and unpack it
  • Double-click procexp.exe
  • From the menu bar select View > Show Lower Pane
  • Select the svchost.exe that is using the most resources by clicking it
  • From the menu bar select File > Save as... Save that file to your Desktop.
  • Please attach svchost.exe.txt from your Desktop to your next post.
Note: You may need to edit the file name from svchost.exe.txt to explorer.txt to allow it to be attached
  • 0

#30
LarryDelos11
Posted 18 November 2014 - 02:09 PM

LarryDelos11

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here we go Nevan.  I don't know what sets it off.  I couldn't get it come up last night but It came up just now.  Thanks!

 

Process CPU Private Bytes Working Set PID Description Company Name
svchost.exe 1.00 932,428 K 797,828 K 1000 Host Process for Windows Services Microsoft Corporation
iexplore.exe 0.21 193,388 K 59,976 K 4084 Internet Explorer Microsoft Corporation
procexp64.exe 6.24 24,928 K 32,408 K 4680 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe < 0.01 61,384 K 28,768 K 948 Host Process for Windows Services Microsoft Corporation
EXCELC.EXE 0.02 19,356 K 27,088 K 8200  
dwm.exe 1.08 40,160 K 23,276 K 2272 Desktop Window Manager Microsoft Corporation
avguard.exe < 0.01 197,996 K 22,896 K 1640 Antivirus Host Framework Service Avira Operations GmbH & Co. KG
OffSpon.EXE 0.02 11,660 K 19,544 K 7224  
explorer.exe 0.18 36,192 K 15,860 K 2328 Windows Explorer Microsoft Corporation
csrss.exe 0.42 2,740 K 13,220 K 532 Client Server Runtime Process Microsoft Corporation
Avira.OE.ServiceHost.exe 0.20 36,940 K 2,452 K 2260 Avira.OE.ServiceHost Avira Operations GmbH & Co. KG
IMF.exe 0.05 100,568 K 11,976 K 3688 IObit Malware Fighter IObit
svchost.exe 0.19 13,388 K 11,000 K 1388 Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 0.04 13,668 K 10,016 K 4636 Windows Media Player Network Sharing Service Microsoft Corporation
iexplore.exe 0.31 14,628 K 9,720 K 3420 Internet Explorer Microsoft Corporation
svchost.exe < 0.01 23,576 K 9,160 K 868 Host Process for Windows Services Microsoft Corporation
TrustedInstaller.exe  7,304 K 9,112 K 6732 Windows Modules Installer Microsoft Corporation
svchost.exe 0.02 11,892 K 8,784 K 976 Host Process for Windows Services Microsoft Corporation
Avira.OE.Systray.exe 0.23 36,724 K 3,580 K 3176 Avira Avira Operations GmbH & Co. KG
svchost.exe < 0.01 6,128 K 7,748 K 5108 Host Process for Windows Services Microsoft Corporation
avgnt.exe 0.01 9,396 K 7,688 K 3168 Avira system tray application Avira Operations GmbH & Co. KG
lsass.exe 0.03 6,292 K 7,156 K 592 Local Security Authority Process Microsoft Corporation
svchost.exe < 0.01 15,892 K 7,044 K 420 Host Process for Windows Services Microsoft Corporation
iexplore.exe 0.01 54,876 K 6,448 K 7536 Internet Explorer Microsoft Corporation
svchost.exe  7,616 K 5,716 K 4352 Host Process for Windows Services Microsoft Corporation
dllhost.exe 0.23 2,008 K 5,672 K 2468 COM Surrogate Microsoft Corporation
svchost.exe 0.12 6,112 K 5,152 K 816 Host Process for Windows Services Microsoft Corporation
IAStorIcon.exe 0.02 24,836 K 5,104 K 2920 IAStorIcon Intel Corporation
taskmgr.exe 0.40 3,088 K 4,816 K 8868 Windows Task Manager Microsoft Corporation
IAStorDataMgrSvc.exe 0.03 19,480 K 4,708 K 1972 IAStorDataSvc Intel Corporation
services.exe 0.68 6,776 K 4,176 K 560 Services and Controller app Microsoft Corporation
taskhost.exe 0.01 13,392 K 3,804 K 2148 Host Process for Windows Tasks Microsoft Corporation
sftlist.exe 0.01 12,368 K 3,476 K 2616 Microsoft Application Virtualization Client Service Microsoft Corporation
spoolsv.exe  9,468 K 3,472 K 1304 Spooler SubSystem App Microsoft Corporation
svchost.exe 0.18 4,488 K 3,152 K 736 Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe < 0.01 34,900 K 2,764 K 2080 Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 0.01 2,556 K 2,728 K 4380 Host Process for Windows Services Microsoft Corporation
svchost.exe  976 K 2,676 K 3628 Host Process for Windows Services Microsoft Corporation
WLIDSVC.EXE < 0.01 6,912 K 2,668 K 2068 Microsoft® Windows Live ID Service Microsoft Corp.
mDNSResponder.exe  2,340 K 2,440 K 1780 Bonjour Service Apple Inc.
iTunesHelper.exe < 0.01 3,524 K 2,040 K 3152 iTunesHelper Apple Inc.
SynTPEnh.exe < 0.01 8,572 K 1,940 K 2832 Synaptics TouchPad Enhancements Synaptics Incorporated
iPodService.exe 0.02 2,880 K 1,864 K 4284 iPodService Module (64-bit) Apple Inc.
RNowSvc.exe  2,180 K 1,856 K 2036 Windows Service App Roxio
CVH.EXE  5,720 K 1,768 K 712 Microsoft Office Client Virtualization Handler Microsoft Corporation
CVHSVC.EXE  7,136 K 1,644 K 3024 Microsoft Office Client Virtualization Service  Microsoft Corporation
igfxpers.exe  3,052 K 1,524 K 2864 persistence Module Intel Corporation
dllhost.exe  2,536 K 1,344 K 6104 COM Surrogate Microsoft Corporation
LMS.exe 0.05 2,584 K 1,336 K 3204 Local Manageability Service Intel Corporation
lsm.exe 0.01 2,732 K 1,348 K 600 Local Session Manager Service Microsoft Corporation
taskeng.exe  2,028 K 1,296 K 3904 Task Scheduler Engine Microsoft Corporation
UNS.exe  3,000 K 1,292 K 4236 User Notification Service Intel Corporation
hkcmd.exe  2,160 K 1,192 K 2848 hkcmd Module Intel Corporation
igfxtray.exe  2,304 K 1,144 K 2840 igfxTray Module Intel Corporation
svchost.exe  1,916 K 1,140 K 1572 Host Process for Windows Services Microsoft Corporation
RIconMan.exe 0.05 2,196 K 1,124 K 1960 Realtek Card Reader Icon Tool. Realsil Microelectronics Inc.
Adblock.exe  72,152 K 976 K 6156 Helps you remove browser ads! Adblock
svchost.exe  2,356 K 948 K 536 Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 0.01 3,120 K 900 K 1660 MobileDeviceService Apple Inc.
RtkNGUI64.exe  9,968 K 668 K 2780 Realtek HD Audio Manager Realtek Semiconductor
csrss.exe < 0.01 2,748 K 588 K 440 Client Server Runtime Process Microsoft Corporation
sched.exe  3,748 K 400 K 1340 Antivirus Host Framework Service Avira Operations GmbH & Co. KG
qttask.exe  1,144 K 392 K 3080  Apple Computer, Inc.
IMFsrv.exe 0.03 3,492 K 324 K 1412 IObit Malware Fighter Service IObit
OFFICEVIRT.EXE  2,020 K 308 K 4748  
System 0.80 172 K 276 K 4  
YCMMirage.exe < 0.01 1,624 K 264 K 3936 YouCam Mirage CyberLink
SynTPHelper.exe  1,180 K 240 K 2596 Synaptics Pointing Device Helper Synaptics Incorporated
procexp.exe  2,192 K 228 K 7560 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
OSPPSVC.EXE  2,680 K 208 K 6256 Microsoft Office Software Protection Platform Service Microsoft Corporation
sftvsa.exe  1,384 K 204 K 1816 Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation
HPClientServices.exe  3,492 K 200 K 1832 HP Client Services Hewlett-Packard Company
AERTSr64.exe  968 K 200 K 1616 Andrea filters APO access service (64-bit) Andrea Electronics Corporation
WLIDSVCM.EXE  1,204 K 160 K 2292 Microsoft® Windows Live ID Service Monitor Microsoft Corp.
winlogon.exe  2,840 K 156 K 612 Windows Logon Application Microsoft Corporation
HPWMISVC.exe  1,224 K 148 K 1864 HP Quick Launch WMI Service Hewlett-Packard Development Company, L.P.
avshadow.exe  1,364 K 124 K 3872 AntiVir shadow copy service Avira Operations GmbH & Co. KG
armsvc.exe  1,160 K 104 K 1576 Adobe Acrobat Update Service Adobe Systems Incorporated
wininit.exe  1,468 K 92 K 504 Windows Start-Up Application Microsoft Corporation
smss.exe  452 K 68 K 300 Windows Session Manager Microsoft Corporation
System Idle Process 86.19 0 K 24 K 0  
Interrupts 0.85 0 K 0 K n/a Hardware Interrupts and DPCs 

Process: svchost.exe Pid: 1000

Type Name
ALPC Port \RPC Control\IUserProfile2
ALPC Port \ThemeApiPort
ALPC Port \RPC Control\OLED8EE40F4EF9545698AF88E861D25
ALPC Port \RPC Control\senssvc
Desktop \Default
Directory \KnownDlls
Directory \BaseNamedObjects
Directory \BaseNamedObjects
Event \...\MmcssStatusEvent
Event \KernelObjects\MaximumCommitCondition
Event \BaseNamedObjects\TermSrvReadyEvent
Event \BaseNamedObjects\SENS Started Event
Event \BaseNamedObjects\{C35B8104-5E0E-4747-90E1-310873FFC872}ShellHWDetection
Event \BaseNamedObjects\{C35B8104-5E0E-4747-90E1-310873FFC872}ShellHWDetection
Event \Sessions\1\BaseNamedObjects\ThemeLoadedEvent
Event \BaseNamedObjects\WiaServiceStarted
Event \BaseNamedObjects\BFE_Notify_Event_{39ebbb91-ff84-400e-9a17-e296f77577b5}
Event \BaseNamedObjects\BFE_Notify_Event_{d2f7faa5-e92a-4bdf-9f25-fdb18208c110}
Event \BaseNamedObjects\WINMGMT_COREDLL_CANSHUTDOWN
Event \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN
Event \BaseNamedObjects\WMI_SysEvent_LodCtr
Event \BaseNamedObjects\WMI_SysEvent_UnLodCtr
Event \BaseNamedObjects\WMI_RevAdap_Set
Event \BaseNamedObjects\WMI_RevAdap_ACK
Event \BaseNamedObjects\WMI_ProcessIdleTasksStart
Event \BaseNamedObjects\WMI_ProcessIdleTasksComplete
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \LanmanServerAnnounceEvent
Event \BaseNamedObjects\LanmanServerNetworkInitialized
Event \BaseNamedObjects\BFE_Notify_Event_{d2cdcf51-551d-4bcd-bd0e-bdbf4fa35225}
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2SCM EVENT PROVIDER
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
Event \BaseNamedObjects\Go0:  ESENT Performance Data Schema Version 85
Event \BaseNamedObjects\Ready0:  ESENT Performance Data Schema Version 85
File C:\Windows\System32
File \Device\KsecDD
File \Device\WMIDataDevice
File \Device\PcwDrv
File C:\Windows\Tasks\SCHEDLGU.TXT
File \Device\HarddiskVolume2
File \Device\NamedPipe\atsvc
File C:\Windows\Tasks
File \Device\NamedPipe\atsvc
File \Device\NamedPipe\atsvc
File \Device\Afd
File \Device\Afd
File \Device\NamedPipe\Winsock2\CatalogChangeListener-3e8-0
File \Device\Afd
File \Device\Afd
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac
File \Device\KsecDD
File \Device\KsecDD
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Nsi
File \Device\Afd\Endpoint
File C:\Windows\System32\wbem\MOF
File C:\Windows\System32\wbem\repository\MAPPING1.MAP
File C:\Windows\System32\wbem\repository\MAPPING2.MAP
File C:\Windows\System32\wbem\repository\MAPPING3.MAP
File C:\Windows\System32\wbem\repository\OBJECTS.DATA
File C:\Windows\System32\wbem\repository\INDEX.BTR
File C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My
File \Device\WMIDataDevice
File \Device\Afd
File \Device\SrvAdmin
File \Device\SrvAdmin
File \Device\LanmanServer
File \Device\Srv2
File \Device\NamedPipe\srvsvc
File \Device\NamedPipe\srvsvc
File C:\Windows\System32\en-US\wer.dll.mui
File \Device\NamedPipe\srvsvc
File C:\Windows\SoftwareDistribution\ReportingEvents.log
File C:\Windows\System32\en-US\FirewallAPI.dll.mui
File \Device\NamedPipe\srvsvc
File \Device\NamedPipe\browser
File \Device\00000046
File \Device\NamedPipe\browser
File \Device\LanmanDatagramReceiver
File \Device\NamedPipe\browser
File \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
File C:\Windows\System32\en-US\nci.dll.mui
File C:\Windows\System32\en-US\wuaueng.dll.mui
File C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log
File C:\Windows\System32\en-US\profsvc.dll.mui
File \Device\Afd
File \Device\Afd
File C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
File C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
File C:\Windows\WindowsUpdate.log
File C:\Windows\System32\en-US\KernelBase.dll.mui
File \Device\Afd
File \Device\Afd
File C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
Job \BaseNamedObjects\WmiProviderSubSystemHostJob
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Key HKU\.DEFAULT
Key HKU\.DEFAULT\Control Panel\International
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople
Key HKCR
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
Key HKLM\SYSTEM\ControlSet001\services\IKEEXT
Key HKLM\SOFTWARE\Microsoft\NetworkAccessProtection\NapClient
Key HKLM\SYSTEM\ControlSet001\services\VSS\Diag\WMI Writer
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
Key HKLM\SOFTWARE\Microsoft\Tracing\IpHlpSvc
Key HKU\.DEFAULT
Key HKLM\SYSTEM\ControlSet001\Enum
Key HKLM\SYSTEM\ControlSet001\services
Key HKLM\SYSTEM\ControlSet001\Control\CLASS
Key HKLM\SYSTEM\ControlSet001\Control\DeviceClasses
Key HKLM\SYSTEM\ControlSet001\Control\CoDeviceInstallers
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage
Key HKLM\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed
Key HKU\.DEFAULT
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\CA
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Key HKLM\SYSTEM\ControlSet001\services\LanmanServer\ShareProviders
Key HKLM\SYSTEM\ControlSet001\services\LanmanServer\Parameters
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\CA
Key HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion
Key HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot
Key HKU\.DEFAULT
Key HKLM\SYSTEM\ControlSet001\services\Browser\Parameters
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\My
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople
Key HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\CA
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\trust
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Trust
Key HKU\.DEFAULT\Software\Policies\Microsoft\SystemCertificates
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople
Key HKLM\SYSTEM\ControlSet001\services\EapHost
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed
Key HKLM\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0012
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT
Key HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root
Key HKLM\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0013
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
Key HKLM\SYSTEM\ControlSet001\services\crypt32
Key HKLM\SYSTEM\ControlSet001\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0015
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
Key HKU\.DEFAULT
Key HKLM\SYSTEM\ControlSet001\services\VSS\Diag\BITS Writer
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
Key HKLM\SOFTWARE\Microsoft\SystemCertificates\trust
Key HKU\.DEFAULT\Software\Microsoft\SystemCertificates\Root
Key HKLM\SYSTEM\ControlSet001\Control\NetworkProvider\HwOrder
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag
Key HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag
Key HKLM\SYSTEM\ControlSet001\services\SharedAccess\Epoch
Mutant \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc
Mutant \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc
Mutant \BaseNamedObjects\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7
Mutant \BaseNamedObjects\WindowsUpdateTracingMutex
Mutant \BaseNamedObjects\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7
Mutant \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc
Mutant \BaseNamedObjects\Instance0:  ESENT Performance Data Schema Version 85
Mutant \BaseNamedObjects\RasPbFile
Mutant \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc
Process EXCELC.EXE(8200)
Process winlogon.exe(612)
Process <Access is denied.

>
Process winlogon.exe(612)
Process winlogon.exe(612)
Process taskhost.exe(2148)
Process explorer.exe(2328)
Process dwm.exe(2272)
Process svchost.exe(1000)
Process <Access is denied.

>
Process <Access is denied.

>
Process <Access is denied.

>
Process igfxtray.exe(2840)
Process explorer.exe(2328)
Process RtkNGUI64.exe(2780)
Process <Access is denied.

>
Process hkcmd.exe(2848)
Process igfxpers.exe(2864)
Process SynTPEnh.exe(2832)
Process SynTPHelper.exe(2596)
Process qttask.exe(3080)
Process iexplore.exe(4084)
Process taskeng.exe(3904)
Process iTunesHelper.exe(3152)
Process IMF.exe(3688)
Process Avira.OE.Systray.exe(3176)
Process taskeng.exe(3904)
Process avgnt.exe(3168)
Process IAStorIcon.exe(2920)
Process YCMMirage.exe(3936)
Process iexplore.exe(7536)
Process procexp64.exe(4680)
Process CVH.EXE(712)
Process OffSpon.EXE(7224)
Process Adblock.exe(6156)
Process taskmgr.exe(8868)
Process iexplore.exe(3420)
Process dllhost.exe(2468)
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\SENS Information Cache
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000003c.db
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Section \BaseNamedObjects\GDA:  ESENT Performance Data Schema Version 85
Section \BaseNamedObjects\RotHintTable
Section \BaseNamedObjects\windows_shell_global_counters
Section \BaseNamedObjects\MMF_BITS_s
Section \BaseNamedObjects\IDA0:  ESENT Performance Data Schema Version 85
Thread svchost.exe(1000): 1004
Thread svchost.exe(1000): 3248
Thread svchost.exe(1000): 1008
Thread svchost.exe(1000): 1008
Thread svchost.exe(1000): 7656
Thread svchost.exe(1000): 696
Thread svchost.exe(1000): 360
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 596
Thread svchost.exe(1000): 1036
Thread svchost.exe(1000): 1036
Thread svchost.exe(1000): 1076
Thread svchost.exe(1000): 1124
Thread svchost.exe(1000): 1220
Thread svchost.exe(1000): 1272
Thread svchost.exe(1000): 1288
Thread svchost.exe(1000): 1220
Thread svchost.exe(1000): 1288
Thread svchost.exe(1000): 1992
Thread svchost.exe(1000): 2052
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 2088
Thread svchost.exe(1000): 2520
Thread svchost.exe(1000): 2560
Thread svchost.exe(1000): 5632
Thread svchost.exe(1000): 1272
Thread svchost.exe(1000): 6464
Thread svchost.exe(1000): 7324
Thread svchost.exe(1000): 2664
Thread svchost.exe(1000): 2664
Thread svchost.exe(1000): 7656
Thread explorer.exe(2328): 2668
Thread svchost.exe(1000): 4780
Thread svchost.exe(1000): 2428
Thread svchost.exe(1000): 1272
Thread svchost.exe(1000): 6008
Thread svchost.exe(1000): 5752
Thread svchost.exe(1000): 5856
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 4372
Thread svchost.exe(1000): 6040
Thread svchost.exe(1000): 4388
Thread svchost.exe(1000): 2660
Thread <Access is denied.

>
Thread svchost.exe(1000): 6412
Thread svchost.exe(1000): 4704
Thread svchost.exe(1000): 3764
Thread svchost.exe(1000): 8960
Thread svchost.exe(1000): 7656
Thread svchost.exe(1000): 4672
Thread svchost.exe(1000): 6040
Thread svchost.exe(1000): 4592
Thread svchost.exe(1000): 4704
Thread svchost.exe(1000): 4672
Thread svchost.exe(1000): 1076
Thread svchost.exe(1000): 3764
Thread svchost.exe(1000): 6412
Thread svchost.exe(1000): 4388
Thread svchost.exe(1000): 5476
Thread svchost.exe(1000): 8536
Thread svchost.exe(1000): 2088
Thread svchost.exe(1000): 6412
Thread svchost.exe(1000): 8900
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 5856
Thread svchost.exe(1000): 1004
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 8536
Thread svchost.exe(1000): 6412
Thread <Access is denied.

>
Thread svchost.exe(1000): 2680
Thread svchost.exe(1000): 3008
Thread svchost.exe(1000): 5476
Thread svchost.exe(1000): 3764
Thread svchost.exe(1000): 5856
Thread svchost.exe(1000): 6040
Thread svchost.exe(1000): 6168
Thread svchost.exe(1000): 6168
Thread svchost.exe(1000): 4780
Thread svchost.exe(1000): 7692
Thread svchost.exe(1000): 6040
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 6040
Thread svchost.exe(1000): 5752
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 6924
Thread svchost.exe(1000): 5136
Thread svchost.exe(1000): 7944
Thread svchost.exe(1000): 7692
Thread svchost.exe(1000): 8624
Thread svchost.exe(1000): 7692
Thread svchost.exe(1000): 8624
Thread svchost.exe(1000): 7656
Thread svchost.exe(1000): 6464
Thread svchost.exe(1000): 8624
Thread svchost.exe(1000): 5580
Thread svchost.exe(1000): 5580
Thread svchost.exe(1000): 5580
Thread svchost.exe(1000): 5580
Thread svchost.exe(1000): 8536
Thread svchost.exe(1000): 5752
Thread svchost.exe(1000): 8624
Thread svchost.exe(1000): 8624
Thread svchost.exe(1000): 6464
Thread svchost.exe(1000): 8960
Thread svchost.exe(1000): 6164
Thread svchost.exe(1000): 1136
Thread svchost.exe(1000): 6008
Thread svchost.exe(1000): 8960
Thread svchost.exe(1000): 992
Thread svchost.exe(1000): 992
Thread svchost.exe(1000): 6008
Thread svchost.exe(1000): 7540
Thread svchost.exe(1000): 7156
Thread svchost.exe(1000): 5136
Thread svchost.exe(1000): 8220
Thread <The handle is invalid.

>
Thread <The handle is invalid.

>
Thread svchost.exe(1000): 1356
Thread svchost.exe(1000): 3248
Thread svchost.exe(1000): 8220
Thread svchost.exe(1000): 1356
Thread svchost.exe(1000): 6464
Thread svchost.exe(1000): 6008
Thread svchost.exe(1000): 1852
Thread <The handle is invalid.

>
Thread svchost.exe(1000): 8220
Thread <The handle is invalid.

>
Thread svchost.exe(1000): 992
Thread svchost.exe(1000): 5136
Thread svchost.exe(1000): 7156
Thread svchost.exe(1000): 6164
Thread svchost.exe(1000): 6164
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\ANONYMOUS LOGON:3e6
Token Carol-HP\Carol:21931
Token Carol-HP\Carol:21931
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\LOCAL SERVICE:3e5
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token NT AUTHORITY\NETWORK SERVICE:3e4
Token Carol-HP\Carol:21931
Token Carol-HP\Carol:21931
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\SYSTEM:3e7
Token NT AUTHORITY\NETWORK SERVICE:3e4
WindowStation \Windows\WindowStations\Service-0x0-3e7$
WindowStation \Windows\WindowStations\Service-0x0-3e7$


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP