Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple instances of chrome.exe *32

Started by DXhound , Nov 17 2014 06:36 PM
chrome.exe *32 IdleCrawler

  • Please log in to reply

#1
DXhound
Posted 17 November 2014 - 06:36 PM

DXhound

    Member

  • Member
  • PipPip
  • 15 posts

Apparently my wife has managed to become infected with IdleCrawler (and who knows what else.)  Today she clicked on a link in an email allegedly from her niece and asked me why the page did not open properly.  Below is the email:

 

Hi Evelyn. How are you? Good http://euromembranesa.co.za/czp/

Sent from my iPhone

 

I contacted the niece and (of course) she did not send that email.  Possibly her computer/address book has been hacked.

 

That is when I started looking at my wife's computer and noticed that CPU useage was running around 50% with no applications running.  Looking at Windows Task Manager's Processes list, I saw multiple instances of "chrome.exe *32" and the Chrome browser is not even installed on this computer (3.00 GHz 64-bit HP with 3.00 GB of RAM running Win 7 Home Premium.)

 

This email today may not have been the source of the installation of IdleCrawler because the folder containing IdleCrawler (see location below) has a "modified date" of 10/7/2014.

 

C:\Users\Evelyn\AppData\Local\Idle-#-Crawler

 

Searching Google for "chrome.exe *32 in task manager virus" led me to many similar issues which were "Solved" by the volunteers on this Forum.  I tried to find specific instructions on how to remove this without needing to bother anyone with this Post but I was not successful.

 

While I was typing this email, Avast alerted me that it had blocked a malacious webpage.  I managed to take a screenshot of that alert and have attached it to this Post.  I was not surfing the Internet at the time that alert appeared.

 

Chrome Malware Alert.png

 

Following the "Malware Cleaning Guide" on this Forum, I downloaded and ran a Quick Scan with OTL.  The OTL log is posted below.

 

Thank you in advance for any help you may be able to provide.

 

 

OTL logfile created on: 11/17/2014 6:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\OTL by OldTimer
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 40.74% Memory free
5.50 Gb Paging File | 3.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 408.46 Gb Free Space | 69.94% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.47 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: HP-KITCHEN | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/17 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL by OldTimer\OTL.exe
PRC - [2014/11/13 15:33:53 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/14 20:14:43 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/09/21 18:41:31 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
PRC - [2014/09/13 11:11:43 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/09/13 11:11:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/09 13:45:30 | 000,133,216 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
PRC - [2014/07/21 05:50:19 | 000,697,344 | ---- | M] (The Chromium Authors) -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
PRC - [2012/09/12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/09/01 09:39:24 | 002,000,384 | ---- | M] (Dominik Reichl) -- C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/17 18:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 22:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/10/14 17:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/13 15:33:52 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/10/14 20:14:43 | 003,339,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/10/14 20:14:43 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/10/14 20:14:43 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/09/21 18:41:30 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014/09/13 11:11:24 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/13 11:11:24 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/09/09 13:47:26 | 000,146,016 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll
MOD - [2014/09/09 13:47:14 | 000,056,928 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll
MOD - [2014/09/09 13:47:08 | 000,121,952 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll
MOD - [2014/09/09 13:46:58 | 000,048,224 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll
MOD - [2014/09/09 13:46:44 | 000,104,032 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll
MOD - [2014/09/09 13:46:28 | 000,111,200 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll
MOD - [2014/09/09 13:46:14 | 000,074,848 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll
MOD - [2014/09/09 13:45:30 | 000,133,216 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
MOD - [2014/07/21 04:38:42 | 000,393,728 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll
MOD - [2014/07/21 04:38:37 | 000,788,480 | ---- | M] () -- C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dll
MOD - [2012/09/12 23:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/06/17 19:11:58 | 001,699,384 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/06/17 19:00:10 | 012,286,520 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/13 11:11:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/13 15:33:52 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/10/14 17:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/13 11:11:41 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/09/13 11:11:25 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/09/13 11:11:25 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/09/13 11:11:25 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/09/13 11:11:25 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/09/13 11:11:25 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/09/13 11:11:25 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/09/13 11:11:25 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 14:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6D001133-A4BC-47CC-9303-2714F7419429}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{6D001133-A4BC-47CC-9303-2714F7419429}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293}: "URL" = http://en.wikipedia....h={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{6D001133-A4BC-47CC-9303-2714F7419429}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.co...st&type=odc089"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/yhs/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/09/11 02:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/11 02:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/13 11:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/07/27 15:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Extensions
[2014/09/13 11:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\extensions
[2014/08/12 19:55:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2014/08/12 19:55:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\extensions\[email protected]
[2014/09/13 11:28:27 | 000,009,405 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\searchplugins\yahoo-avast.xml
[2014/11/13 15:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/13 15:33:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/13 11:11:25 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KeePass Password Safe] C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C0A339-160D-413F-B4F6-5C0D063A057C}: DhcpNameServer = 8.8.8.8 8.8.8.4 208.180.42.68
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/13 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/09 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/09 18:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/09 18:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/17 17:32:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/17 17:32:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/17 17:31:01 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/17 17:31:01 | 000,615,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/17 17:31:01 | 000,103,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/17 17:24:56 | 000,001,340 | ---- | M] () -- C:\Windows\tasks\QZXZO.job
[2014/11/17 17:24:56 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\ICJ.job
[2014/11/17 17:24:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/17 17:24:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/11/17 17:24:42 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/24 16:22:30 | 000,002,116 | ---- | M] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
 
========== Files Created - No Company Name ==========
 
[2014/09/01 03:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\ICJ
[2014/09/01 03:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\QZXZO
[2014/02/15 15:08:19 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2014/02/15 14:41:26 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2014/02/15 14:41:26 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2014/02/15 14:41:05 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014/02/15 14:41:05 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2014/02/15 14:40:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2014/02/15 14:40:26 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2014/02/15 14:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014/02/15 14:40:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/02/15 14:40:20 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/11/09 20:15:31 | 000,005,632 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/09/11 02:55:45 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/09/11 02:55:45 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/13 11:12:07 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\AVAST Software
[2012/11/09 20:20:06 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\avidemux
[2014/08/12 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\KeePass
[2014/08/13 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Leadertech
[2012/11/09 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\OpenOffice.org
[2014/08/12 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Oracle
[2011/01/20 03:46:33 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\PictureMover
[2014/02/15 15:12:54 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\ScanSoft
[2014/09/27 22:19:40 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\SoftGrid Client
[2014/08/12 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Thunderbird
[2011/01/20 03:51:44 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
 

 

 


  • 0

Advertisements

#2
zep516
Posted 17 November 2014 - 08:01 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

When you ran OTL it creates 2 log reports OTL.TXT and Extra's .txt. You posted the OTL.TXT do you have the Extra's.txt ? It gets minimized to the taskbar.

If you can't find it please open OTL and under the registry group place a check mark in "ALL" re-run OTL and the Extra's log will be recreated. Please post it.

Then

Please provide these scans as well.

Please download Farbar Recovery Scan Tool and save it to your Desktop. 64Bit version for you.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
DXhound
Posted 17 November 2014 - 09:23 PM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hello zep516!  Thank you so much for the speedy reply.

 

I did not notice the "Extras.txt" file unitl after I made my original Post.  I have included it below along with the "FRST.txt" and "Addition.txt" from the Farbar Recovery Scan Tool.

 

 

Thanks for your time and knowledge to help me with this, zep516.

 

 

OTL Extras logfile created on: 11/17/2014 6:09:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\OTL by OldTimer
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 40.74% Memory free
5.50 Gb Paging File | 3.17 Gb Available in Paging File | 57.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 408.46 Gb Free Space | 69.94% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.47 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: HP-KITCHEN | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C95DB75-57E8-4505-85E2-F115235BCC70}" = rport=139 | protocol=6 | dir=out | app=system |
"{0FB70075-3474-4054-AF60-A47E05D77443}" = rport=445 | protocol=6 | dir=out | app=system |
"{108100D2-437B-4F77-BF65-CF621978D916}" = lport=2869 | protocol=6 | dir=in | app=system |
"{161EA364-80E6-488F-B01E-FDA2DDDF6902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2702670C-4DD0-4753-B889-3583F89E9740}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A0C487D-8604-4CFA-AB5B-0EF4227D7D70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{437CD0E7-5353-4366-B296-9F91B7501A4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FE90B34-EC5E-4F7C-9DA7-765C2C9EA786}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5414E18C-1B70-4D8C-BF05-8B739DEA6109}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5859064F-9251-4609-AA16-7B5491C75A24}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6038D915-37AD-48F9-97D6-8AC81557D524}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A95518A-7A9E-43F5-A7D1-E0CDA657D146}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8EB8C6B2-C036-4EAB-B240-A792911020FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{96376B7D-3946-40C3-9637-55D01CB4A169}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{97E90E20-94C3-4C55-AABD-518BDC7B1D81}" = lport=138 | protocol=17 | dir=in | app=system |
"{B5D66044-FF8E-4768-B895-54FBBDB1102A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{D1845C72-8FF7-433C-B21C-77ADC3BEFEDF}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB53F965-7BB1-439D-B0FD-621625F63D29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC0D610C-F707-40CA-8AAA-4B21C8636CB3}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC42A074-0A31-4443-83F1-7BFD307D88BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1047F6F-EA63-46CA-BFF3-51B0FECC6B1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F24A2179-31B4-4517-BA51-CD23C0E112D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F24D0B70-CC12-4374-95C2-4EE5D1F344D6}" = lport=137 | protocol=17 | dir=in | app=system |
"{F290B178-7112-46D4-8933-41AD6DF63E85}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2EEC8A1-AAF3-4A7E-8BD1-31C030E9954F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F64DDA25-DE14-4C40-A7F1-70BD243E26A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F5D782-BCF4-499B-AB90-96F569862420}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{0D58ADD3-0251-4C8C-9E70-3635A8E5D6CD}" = protocol=58 | dir=in | [email protected],-28545 |
"{0E0BFB3F-3F55-4E24-A04F-25D7B21511DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17547CBD-D357-4599-AD79-7304DDC27DE5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{1AADE1D1-4689-4468-86B9-B36F041223A7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{1D2A4BAC-2FE5-48AE-9947-3CAA2F622D3C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1D537B9F-210F-4B73-A3B7-AC1321FF9D18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28852CBB-0E3B-4731-B019-53F24FF2D8EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CB7D0DF-9E0F-4CBD-B128-CDF5640EC72E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2CE7BF3F-A334-4464-9853-761299ACB58D}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{2D5F7FD6-9791-4747-8D28-0608A88588F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{35553203-74B5-46AD-B6EA-6EE212988996}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FA95E3C-1ADE-4C74-9385-D4F6A59277AC}" = protocol=6 | dir=out | app=system |
"{4067F2C8-D9D1-4D84-BEB0-147981006C1F}" = protocol=1 | dir=out | [email protected],-28544 |
"{4ED5F2B3-E448-47D4-A4DA-C7C7E9CBB050}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{5D92F777-07B9-4A86-8059-89426B5C4C45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FB34042-1026-4093-BA91-11A6879492B9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{621BAF04-C66E-4497-98DC-F4E8FF95142C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{72202BDD-CA61-4BB3-B611-77E932A1A834}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{7482607D-5244-42CA-A937-EF4BEAAB1154}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{76819BFA-3338-4B97-B22E-D2E1343617F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7ADCF604-C1E7-4C87-83B0-663C39D14A54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CEEBB03-358B-41E8-843F-4294CC28F44D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{80B03212-BEFA-436A-9570-609D5D420B89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{894BA546-3005-49F7-BE43-AA7B530253DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{91754100-4C90-4054-8FC2-31A974663722}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{95141133-1C27-49D5-9E58-FA04E2857248}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{A3ED2445-1298-447A-80A1-EF4C15C18BCF}" = protocol=58 | dir=out | [email protected],-28546 |
"{A749B159-1E11-49A6-9A91-406E574D384A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC38DC79-122A-489F-B0AA-16599CC71D08}" = protocol=1 | dir=in | [email protected],-28543 |
"{BE9C812E-A681-4FF7-A07B-0A2C46AC5616}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C3944ED5-C874-4F1F-9963-89555009DF6F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{D60680AD-F4F6-4921-931E-14DB0339AF6A}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{DB306575-0ECE-4AFC-93E7-B620B215AEAC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{DE8420D5-796E-4C15-A391-867F1EAE78C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFC95DB9-251E-40AF-AB34-094C4588CDC6}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{F1D42AE1-ABFD-4E05-BA34-995A0060709E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F520F132-1EB0-46CE-A45E-BEDCF0A8047C}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"Mozilla Thunderbird 31.2.0 (x86 en-US)" = Mozilla Thunderbird 31.2.0 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/27/2014 9:19:55 AM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/27/2014 3:11:11 PM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/27/2014 3:12:05 PM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/27/2014 3:35:24 PM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/27/2014 5:44:01 PM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/27/2014 10:18:58 PM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/28/2014 8:38:05 AM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/28/2014 8:48:24 AM | Computer Name = HP-Kitchen | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 9/28/2014 9:59:41 AM | Computer Name = HP-Kitchen | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 9/28/2014 10:00:33 AM | Computer Name = HP-Kitchen | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
 file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 on line 2.  Invalid Xml syntax.
 
[ Hewlett-Packard Events ]
Error - 8/25/2014 12:05:45 PM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201408251205.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/1/2014 10:16:25 AM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201409011016.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/8/2014 9:55:00 AM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201409080955.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/15/2014 2:53:06 PM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201409151453.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/22/2014 9:09:37 AM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201409220909.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/24/2014 6:03:41 PM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201409241803.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/29/2014 12:39:35 PM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find a part of the path 'C:\ProgramData\Hewlett-Packard\HP
 Support Framework\Logs\Temp\HPSA\HPSASession_201409291239.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)     at
System.IO.StreamWriter.CreateFile(String path, Boolean append)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding)     at System.IO.File.WriteAllText(String
 path, String contents, Encoding encoding)     at HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 10/24/2014 4:32:20 PM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description =
 
Error - 11/6/2014 11:11:00 AM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description =
 
Error - 11/10/2014 10:15:29 AM | Computer Name = HP-Kitchen | Source = Hewlett-Packard | ID = 0
Description =
 
[ System Events ]
Error - 9/12/2014 9:06:40 AM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Server service, but this action
 failed with the following error:   %%1056
 
Error - 9/12/2014 9:07:40 AM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Management Instrumentation
 service, but this action failed with the following error:   %%1056
 
Error - 9/12/2014 9:07:40 AM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Multimedia Class Scheduler
 service, but this action failed with the following error:   %%1056
 
Error - 9/13/2014 12:23:19 PM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
 Backup (MyPC Backup) service to connect.
 
Error - 9/13/2014 12:23:19 PM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
 following error:   %%1053
 
Error - 9/13/2014 12:27:17 PM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
 Backup (MyPC Backup) service to connect.
 
Error - 9/13/2014 12:27:17 PM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
 following error:   %%1053
 
Error - 9/21/2014 9:20:13 PM | Computer Name = HP-Kitchen | Source = DCOM | ID = 10010
Description =
 
Error - 9/21/2014 9:20:13 PM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the lmhosts service.
 
Error - 9/24/2014 4:46:11 PM | Computer Name = HP-Kitchen | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the lmhosts service.
 
 
< End of report >
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Evelyn (administrator) on HP-KITCHEN on 17-11-2014 22:12:19
Running from C:\Downloads\Farbar Recovery Scan Tool
Loaded Profile: Evelyn (Available profiles: Evelyn)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-13] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\...\Run: [KeePass Password Safe] => C:\Program Files (x86)\KeePass Password Safe\KeePass.exe [2000384 2012-09-01] (Dominik Reichl)
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-21] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM -> {8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293} URL = http://en.wikipedia....h={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.4 208.180.42.68

FireFox:
========
FF ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.yahoo.co...ast&type=odc089
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2859361257-3486943005-2507746264-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF SearchPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\searchplugins\yahoo-avast.xml
FF Extension: Cooliris - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\Extensions\[email protected] [2014-08-12]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010-09-11]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-13]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-13] (AVAST Software)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-10] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-13] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 22:12 - 2014-11-17 22:12 - 00000000 ____D () C:\FRST
2014-11-17 19:43 - 2014-11-17 19:43 - 01668928 _____ (CompuClever Systems Inc.) C:\Users\Evelyn\Downloads\Unconfirmed 835002.crdownload
2014-11-17 19:41 - 2014-11-17 19:41 - 01668928 _____ (CompuClever Systems Inc.) C:\Users\Evelyn\Downloads\Unconfirmed 539029.crdownload
2014-11-17 16:16 - 2014-11-17 16:16 - 00253781 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 686159.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00342982 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 261311.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00299280 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 859083.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00299280 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 255607.crdownload
2014-11-14 10:19 - 2014-11-14 10:19 - 00170956 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 599022.crdownload
2014-11-13 15:33 - 2014-11-13 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 17:08 - 2014-11-12 17:08 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 963323.crdownload
2014-11-12 16:32 - 2014-11-12 16:32 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 366177.crdownload
2014-11-12 16:30 - 2014-11-12 16:30 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 644694.crdownload
2014-11-12 16:30 - 2014-11-12 16:30 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 378915.crdownload
2014-11-12 16:29 - 2014-11-12 16:29 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 735447.crdownload
2014-11-12 16:28 - 2014-11-12 16:28 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 71714.crdownload
2014-11-12 14:33 - 2014-11-12 14:33 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 454724.crdownload
2014-11-12 13:38 - 2014-11-12 13:38 - 00078456 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 737003.crdownload
2014-11-12 09:35 - 2014-11-12 09:35 - 00750544 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 194250.crdownload
2014-11-10 21:17 - 2014-11-10 21:17 - 00017784 _____ () C:\Users\Evelyn\Downloads\news-1.rss
2014-11-10 20:41 - 2014-11-10 20:41 - 00843088 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 570767.crdownload
2014-11-10 19:56 - 2014-11-10 19:56 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 623798.crdownload
2014-11-10 19:53 - 2014-11-10 19:53 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 153453.crdownload
2014-11-10 19:52 - 2014-11-10 19:52 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 61360.crdownload
2014-11-10 19:52 - 2014-11-10 19:52 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 324804.crdownload
2014-11-10 19:51 - 2014-11-10 19:51 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 711239.crdownload
2014-11-10 19:51 - 2014-11-10 19:51 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 451489.crdownload
2014-11-10 19:50 - 2014-11-10 19:50 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 11541.crdownload
2014-11-09 20:46 - 2014-11-09 20:46 - 00898600 _____ ( ) C:\Users\Evelyn\Downloads\Unconfirmed 859402.crdownload
2014-11-09 18:30 - 2014-11-09 18:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-09 18:30 - 2014-11-09 18:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-09 18:30 - 2014-11-09 18:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-09 18:30 - 2014-11-09 18:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-09 18:30 - 2014-11-09 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-09 18:30 - 2014-11-09 18:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-08 14:23 - 2014-11-08 14:23 - 00898600 _____ ( ) C:\Users\Evelyn\Downloads\Unconfirmed 125711.crdownload
2014-11-06 18:55 - 2014-11-06 18:55 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 29971.crdownload
2014-11-06 18:51 - 2014-11-06 18:51 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 442657.crdownload
2014-11-06 18:50 - 2014-11-06 18:50 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 217862.crdownload
2014-11-06 14:37 - 2014-11-06 14:37 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 326057.crdownload
2014-11-06 14:36 - 2014-11-06 14:36 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 233852.crdownload
2014-11-06 14:34 - 2014-11-06 14:34 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 657952.crdownload
2014-11-06 13:54 - 2014-11-06 13:54 - 00754512 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 194240.crdownload

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 19:17 - 2014-09-13 11:18 - 00001336 _____ () C:\Windows\Tasks\ICJ.job
2014-11-17 18:46 - 2009-07-13 23:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 18:46 - 2009-07-13 23:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 17:31 - 2009-07-14 00:13 - 00714754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 17:28 - 2010-09-11 02:08 - 00483935 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 17:24 - 2014-09-13 11:17 - 00001340 _____ () C:\Windows\Tasks\QZXZO.job
2014-11-17 17:24 - 2014-08-13 16:17 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-11-17 17:24 - 2012-07-27 15:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-17 17:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 17:24 - 2009-07-13 23:51 - 00039221 _____ () C:\Windows\setupact.log
2014-11-13 09:20 - 2014-09-13 11:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-09 18:30 - 2014-02-06 20:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 16:22 - 2014-10-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Some content of TEMP:
====================
C:\Users\Evelyn\AppData\Local\Temp\BackupSetup.exe
C:\Users\Evelyn\AppData\Local\Temp\COMAP.EXE
C:\Users\Evelyn\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Evelyn\AppData\Local\Temp\ydetect.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 12:17

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Evelyn at 2014-11-17 22:13:18
Running from C:\Downloads\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-09-2014 16:09:42 avast! antivirus system restore point
23-09-2014 00:09:14 Scheduled Checkpoint
24-09-2014 13:37:58 HPSF Restore Point
08-10-2014 01:06:52 Scheduled Checkpoint
06-11-2014 17:24:44 Scheduled Checkpoint
09-11-2014 23:29:11 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02A0EF55-BFF8-403B-8E9A-A504AEE71160} - System32\Tasks\Idle-#-Crawler Runner => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {3E92BA49-58F4-4F70-9DFA-CFBAC323E6F6} - System32\Tasks\ICJ => C:\Users\Evelyn\AppData\Roaming\ICJ.exe <==== ATTENTION
Task: {63E4176A-2A47-4B5E-BF5D-43027EC7F6A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-07] (Microsoft)
Task: {69E951CD-A22F-4FD1-9C9B-7B5A66F11831} - System32\Tasks\QZXZO => C:\Users\Evelyn\AppData\Roaming\QZXZO.exe <==== ATTENTION
Task: {6D640D5E-1916-4ABF-BF88-B840BD54BDF5} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {79469CA5-19BF-4D93-87A5-FA1E2919C9D4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-13] (AVAST Software)
Task: {86BF7F4C-D2B2-4FC5-8426-0F8FC0E13CE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-10] (Hewlett-Packard Company)
Task: {8F29D7E1-307A-4784-A0BD-84FBECA13959} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {976EAB81-2C28-46F5-AB05-0E7BD52A8634} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-07] (Microsoft)
Task: {9956FFB6-664D-4967-88E6-146C364544E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-10] (Hewlett-Packard Company)
Task: {A6424191-0B47-4986-B75C-1497E50EEB7B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F2C46006-BB73-43AD-818D-1A2F01ABBC6E} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: C:\Windows\Tasks\ICJ.job => C:\Users\Evelyn\AppData\Roaming\ICJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\QZXZO.job => C:\Users\Evelyn\AppData\Roaming\QZXZO.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-15 14:40 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-09-09 13:45 - 2014-09-09 13:45 - 00133216 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
2014-09-13 11:11 - 2014-09-13 11:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-17 13:41 - 2014-11-17 13:41 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111701\algo.dll
2011-01-20 03:46 - 2010-06-17 19:00 - 12286520 _____ () C:\Users\Evelyn\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2011-01-20 03:46 - 2010-06-17 19:11 - 01699384 _____ () C:\Users\Evelyn\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2014-02-15 14:40 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-09-13 11:11 - 2014-09-13 11:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00104032 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00074848 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00048224 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00056928 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00146016 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00121952 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00111200 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll
2014-11-13 15:33 - 2014-11-13 15:33 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-14 20:14 - 2014-10-14 20:14 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-10-14 20:14 - 2014-10-14 20:14 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-10-14 20:14 - 2014-10-14 20:14 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-10-07 17:50 - 2014-07-21 04:38 - 00393728 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-10-07 17:50 - 2014-07-21 04:38 - 00788480 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dll
2014-10-07 17:50 - 2013-12-03 21:48 - 13586896 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2859361257-3486943005-2507746264-500 - Administrator - Disabled)
Evelyn (S-1-5-21-2859361257-3486943005-2507746264-1000 - Administrator - Enabled) => C:\Users\Evelyn
Guest (S-1-5-21-2859361257-3486943005-2507746264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2859361257-3486943005-2507746264-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2014 01:51:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/15/2014 05:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Idle-#-Crawler.exe, version: 0.0.0.0, time stamp: 0x540f4747
Faulting module name: kernel32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbde
Exception code: 0xc00000fd
Fault offset: 0x00011928
Faulting process id: 0x134c
Faulting application start time: 0xIdle-#-Crawler.exe0
Faulting application path: Idle-#-Crawler.exe1
Faulting module path: Idle-#-Crawler.exe2
Report Id: Idle-#-Crawler.exe3

Error: (11/15/2014 03:47:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/14/2014 09:31:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/13/2014 03:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Idle-#-Crawler.exe, version: 0.0.0.0, time stamp: 0x540f4747
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc00000fd
Fault offset: 0x0001fa6b
Faulting process id: 0x216c
Faulting application start time: 0xIdle-#-Crawler.exe0
Faulting application path: Idle-#-Crawler.exe1
Faulting module path: Idle-#-Crawler.exe2
Report Id: Idle-#-Crawler.exe3

Error: (11/13/2014 09:29:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/12/2014 10:34:53 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/12/2014 10:33:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/12/2014 08:52:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 05:27:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).


System errors:
=============
Error: (11/14/2014 07:16:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (09/24/2014 03:46:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (09/21/2014 08:20:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (09/21/2014 08:20:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/13/2014 11:27:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (09/13/2014 11:27:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (09/13/2014 11:23:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (09/13/2014 11:23:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (09/12/2014 08:07:40 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error:
%%1056

Error: (09/12/2014 08:07:40 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056


Microsoft Office Sessions:
=========================
Error: (11/17/2014 01:51:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/15/2014 05:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Idle-#-Crawler.exe0.0.0.0540f4747kernel32.dll6.1.7600.163854a5bdbdec00000fd00011928134c01d00113ffcd57e5C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exeC:\Windows\syswow64\kernel32.dll9d542be6-6d17-11e4-8838-d485649ff0d0

Error: (11/15/2014 03:47:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/14/2014 09:31:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/13/2014 03:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Idle-#-Crawler.exe0.0.0.0540f4747ntdll.dll6.1.7600.163854a5bdb3bc00000fd0001fa6b216c01cfff7e61646974C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exeC:\Windows\SysWOW64\ntdll.dllab2c6169-6b72-11e4-a74c-d485649ff0d0

Error: (11/13/2014 09:29:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/12/2014 10:34:53 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (11/12/2014 10:33:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/12/2014 08:52:09 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/11/2014 05:27:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 76%
Total physical RAM: 2815.29 MB
Available physical RAM: 664.58 MB
Total Pagefile: 5628.71 MB
Available Pagefile: 2058.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:406.43 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 917BAFD3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4
zep516
Posted 17 November 2014 - 10:16 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
Hello,

We need to do a fix in OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2014/11/17 17:24:56 | 000,001,340 | ---- | M] () -- C:\Windows\tasks\QZXZO.job
[2014/11/17 17:24:56 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\ICJ.job
[2014/09/01 03:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\ICJ
[2014/09/01 03:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Evelyn\AppData\Roaming\QZXZO
IE - HKCU\..\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
O4 - HKLM..\Run: []  File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

:Files
ipconfig /flushdns /c
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dllC:\Windows\tasks\QZXZO.job
C:\Windows\tasks\ICJ.job

:Commands

[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:
  • The OTL Fix log, after running the fix and the computer reboots that log will pop up.
  • Post a New OTL after quick scan
Joe
  • 0

#5
DXhound
Posted 17 November 2014 - 11:23 PM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Joe,

 

     Thanks again for such a prompt reply.  I followed your instructions and ran OTL as Administrator, pasted in the text, closed all windows, and clicked the RUN FIX button - but I ran into a snag.  OTL executed until the only thing showing in the OTL Custom Scans/Fixes box was:

 

[emptytemp]
[resethosts]

 

     Nothing seemed to happen for several minutes although the harddrive light continued flashing.  I went out of the room for about 10 minutes and when I returned, I found this warning:

 

OTL Has Stopped Working.png

 

     I clicked on "Check Online for a solution and close the program" and after several seconds, the program closed.  As per your earlier instructions, ". . . if something unexpected happens, don't continue Stop and ask!", I just stopped doing anything and Posted this reply.  I'm sure you will tell me what to do now.

 

     One thing I did notice when pasting in the text was that there was no carriage return after the last line - [resethosts].  I don't know if that means anything or not.

 

 

Clark

 


  • 0

#6
zep516
Posted 17 November 2014 - 11:32 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
Hello,

The only thing I can suggest is to try it again, might have to right click on OTL delete it and re-download it. If we can't get it to work we will just use FRST.

Joe
  • 0

#7
DXhound
Posted 18 November 2014 - 11:41 AM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi Joe,

 

     When I turned on the computer this morning, I was greated by an "Open File Security Warning."

 

OTL Open File Warning.png

 

     I clicked on "Run" and a Notepad window popped up with a list of "Folders Moved on Reboot" in it.  I have attached that file at the bottom of this Post.

 

     Since that appears to be what you were looking for from the "Run Fix" operation of OTL, I continued with your next to last instructions and ran another "Quick Scan" with OTL.  That log is also attached below.

 

     Thanks again for your help with this!

 

 

Clark

 

Files\Folders moved on Reboot...
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FF8D4FB1-92EC-4483-B1C0-7942CB940B9E}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\JT6F84H4\macromedia.com\support\flashplayer\sys\#www.herdailyvideos.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FF8D4FB1-92EC-4483-B1C0-7942CB940B9E}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\JT6F84H4\macromedia.com\support\flashplayer\sys\#static-cdn.burstmedia.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FF8D4FB1-92EC-4483-B1C0-7942CB940B9E}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\JT6F84H4\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FF8D4FB1-92EC-4483-B1C0-7942CB940B9E}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\JT6F84H4\cdata.carambo.la\Layer\Prod\client\CarambolaClient_v3.5.0.2.swf\CbolaMain.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FED17B74-59E5-4732-BB2C-9889DF41F872}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\6EW3NDRP\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FEC9E455-EC1A-46F1-9A7D-4AFC89F38324}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G62AZZTQ\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC5821A8-A4D1-46AD-9DD7-6790F1B2593F}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\TDAHRAAE\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC40476B-ACC6-4376-BC14-67CD03A6AEA7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\QAK82JJV\theuppe#\rcut.thesyndicationserver.co.uk\US_FARM#\__STREMING_CLIENT_ID_COOKIE.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC40476B-ACC6-4376-BC14-67CD03A6AEA7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\QAK82JJV\theoceansoc#\iety.thesyndicationserver.co.uk\##AB663E713C816A36\00000001.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC40476B-ACC6-4376-BC14-67CD03A6AEA7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\QAK82JJV\theoceansoc#\iety.thesyndicationserver.co.uk\##77BD01364D7C7890\00000001.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC40476B-ACC6-4376-BC14-67CD03A6AEA7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\QAK82JJV\theoceansoc#\iety.thesyndicationserver.co.uk\##34E2281861FF2E47\00000001.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC40476B-ACC6-4376-BC14-67CD03A6AEA7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\QAK82JJV\theoceansoc#\iety.thesyndicationserver.co.uk\HIRO_NETWORK_CAPPING_COOKIE.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FC40476B-ACC6-4376-BC14-67CD03A6AEA7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\QAK82JJV\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FBEFDD79-1EE2-48DF-A606-BB27B520DD3A}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HCU69MAT\macromedia.com\support\flashplayer\sys\#tag.coffeetable.hiro.tv\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FBEFDD79-1EE2-48DF-A606-BB27B520DD3A}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\HCU69MAT\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FBBFA342-2554-4D75-9772-1661C46E95C7}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FM5Y79YE\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FAE8C264-5D41-415D-8EAA-3DEA84BD3441}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DYK7TPHY\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FA59A7C2-5D02-4930-8C85-3EA7BB630511}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C3Q5YZ6B\vplayerf.dailyrx.com\f#\lowplayer.commercial-3.2.16.swf\org.flowplayer.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FA59A7C2-5D02-4930-8C85-3EA7BB630511}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C3Q5YZ6B\macromedia.com\support\flashplayer\sys\#core.insightexpressai.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{FA59A7C2-5D02-4930-8C85-3EA7BB630511}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\C3Q5YZ6B\macromedia.com\support\flashplayer\sys\#besttv27.cdn.it.best-tv.com\settings.sol not found!
File\Folder C:\Users\Evelyn\AppData\Local\Temp\{AD4A1B98-CFB4-48E5-9975-83020FF89418}\{F9DF6AF3-6B1C-4D62-B49C-871ECCDF36ED}\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9PT5CNZA\macromedia.com\support\flashplayer\sys\#besttv39.cdn.it.best-tv.com\settings.sol not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 

OTL logfile created on: 11/18/2014 11:17:52 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\OTL by OldTimer
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 45.96% Memory free
5.50 Gb Paging File | 3.67 Gb Available in Paging File | 66.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 409.84 Gb Free Space | 70.18% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.47 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
 
Computer Name: HP-KITCHEN | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/17 23:30:19 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014/11/17 18:08:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL by OldTimer\OTL.exe
PRC - [2014/11/13 15:33:53 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/13 11:11:43 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/09/13 11:11:24 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/17 18:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 22:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/10/14 17:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/17 23:30:18 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014/11/13 15:33:52 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/13 11:11:24 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/09/13 11:11:24 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2012/09/12 23:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/12 23:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/06/17 19:11:58 | 001,699,384 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/06/17 19:00:10 | 012,286,520 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/13 11:11:24 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/13 15:33:52 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/06/12 20:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/10/14 17:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/13 11:11:41 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/09/13 11:11:25 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/09/13 11:11:25 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/09/13 11:11:25 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/09/13 11:11:25 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/09/13 11:11:25 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/09/13 11:11:25 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/09/13 11:11:25 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 14:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6D001133-A4BC-47CC-9303-2714F7419429}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6D001133-A4BC-47CC-9303-2714F7419429}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293}: "URL" = http://en.wikipedia....h={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6D001133-A4BC-47CC-9303-2714F7419429}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.co...st&type=odc089"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "https://search.yahoo.com/yhs/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/09/11 02:37:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/11 02:37:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/09/13 11:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/07/27 15:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Extensions
[2014/09/13 11:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\extensions
[2014/08/12 19:55:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2014/08/12 19:55:07 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\extensions\[email protected]
[2014/09/13 11:28:27 | 000,009,405 | ---- | M] () -- C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\searchplugins\yahoo-avast.xml
[2014/11/13 15:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/13 15:33:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/09/13 11:11:25 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KeePass Password Safe] C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C0A339-160D-413F-B4F6-5C0D063A057C}: DhcpNameServer = 8.8.8.8 8.8.8.4 208.180.42.68
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/17 23:37:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/17 22:12:10 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/13 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/09 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/09 18:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/09 18:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/18 11:08:52 | 000,034,169 | ---- | M] () -- C:\Users\Evelyn\Desktop\OTL Open File Warning.png
[2014/11/18 08:46:38 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/18 08:46:38 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/18 08:43:40 | 000,714,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/18 08:43:40 | 000,615,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/18 08:43:40 | 000,103,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/18 08:39:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/18 08:39:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2014/11/18 08:39:03 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/18 00:11:04 | 000,031,377 | ---- | M] () -- C:\Users\Evelyn\Desktop\OTL Has Stopped Working.png
[2014/11/17 18:39:55 | 000,010,009 | ---- | M] () -- C:\Users\Evelyn\Desktop\Chrome Malware Alert.png
[2014/10/24 16:22:30 | 000,002,116 | ---- | M] () -- C:\Users\Evelyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
 
========== Files Created - No Company Name ==========
 
[2014/11/18 11:08:52 | 000,034,169 | ---- | C] () -- C:\Users\Evelyn\Desktop\OTL Open File Warning.png
[2014/11/18 00:11:03 | 000,031,377 | ---- | C] () -- C:\Users\Evelyn\Desktop\OTL Has Stopped Working.png
[2014/11/17 18:39:54 | 000,010,009 | ---- | C] () -- C:\Users\Evelyn\Desktop\Chrome Malware Alert.png
[2014/02/15 15:08:19 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2014/02/15 14:41:26 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2014/02/15 14:41:26 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2014/02/15 14:41:05 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014/02/15 14:41:05 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2014/02/15 14:40:27 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2014/02/15 14:40:26 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2014/02/15 14:40:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014/02/15 14:40:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014/02/15 14:40:20 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/11/09 20:15:31 | 000,005,632 | ---- | C] () -- C:\Users\Evelyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/09/11 02:55:45 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/09/11 02:55:45 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/13 11:12:07 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\AVAST Software
[2012/11/09 20:20:06 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\avidemux
[2014/08/12 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\KeePass
[2014/08/13 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Leadertech
[2012/11/09 15:53:44 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\OpenOffice.org
[2014/08/12 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Oracle
[2011/01/20 03:46:33 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\PictureMover
[2014/02/15 15:12:54 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\ScanSoft
[2014/09/27 22:19:40 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\SoftGrid Client
[2014/08/12 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\Thunderbird
[2011/01/20 03:51:44 | 000,000,000 | ---D | M] -- C:\Users\Evelyn\AppData\Roaming\TP
 
========== Purity Check ==========
 
 

< End of report >
 

 

 

 


  • 0

#8
zep516
Posted 18 November 2014 - 09:19 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
Hello,

Sorry for some delay, just got on. Let me have a moment to look at log please. OTL seems to be acting up for you. We will use FRST for the next instructions.

You can right click on the OTL Icon and delete it, we will not be using it anymore.

This is the header from the FRST Log you posted in the quote box. Please notice Downloads.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Evelyn (administrator) on HP-KITCHEN on 17-11-2014 22:12:19
Running from C:\Downloads\Farbar Recovery Scan Tool


That tells me FRST is running from the downloads folder. FRST must be on the desktop for it to work, meaning to fix anything and we have fixing to do and I can't fix anything with FRST in the downloads folder. Lets move it to the desktop.

To do that:
Please navigate to C:\Downloads Open the downloads folder right click on FRST, choose cut, now on the desktop right click on an empty space and choose paste, FRST should now be on the desktop.

Let me know when those exercises are done and we will proceed with a fix using FRST.
  • 0

#9
DXhound
Posted 18 November 2014 - 11:03 PM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Joe,

 

     Not a problem.  I have been busy myself tonight.

 

     OK, I have deleted the OTL.exe program from the computer. 

 

     It's now past midnight for me so I'll be going to bed and will look for your response tomorrow.  Thanks again.

 

 

Clark


  • 0

#10
zep516
Posted 18 November 2014 - 11:06 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
OK

bed for me too. I made an edit to the post so re-read, it's about moving FRST to the desktop...

Joe
  • 0

Advertisements

#11
DXhound
Posted 18 November 2014 - 11:19 PM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Joe,

 

     I checked back on the Forum before actually shutting off the computer and saw your edit.  I have now moved FRST to the desktop.  Maybe the issue with OTL was because I was also running it from the Downloads folder.  I'll try to follow future instructions more carefully.

 

     I look forward to hearing from you later today.

 

 

Clark


  • 0

#12
zep516
Posted 18 November 2014 - 11:27 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
OTL can act up on some machines, I'll give you the fix now but don't do it if you're tired like I am. Wait till you're fresh, it's a little different then OTL


Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
() C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
2014-11-17 19:17 - 2014-09-13 11:18 - 00001336 _____ () C:\Windows\Tasks\ICJ.job
2014-11-17 17:24 - 2014-09-13 11:17 - 00001340 _____ () C:\Windows\Tasks\QZXZO.job
C:\Users\Evelyn\AppData\Local\Temp\BackupSetup.exe
C:\Users\Evelyn\AppData\Local\Temp\COMAP.EXE
C:\Users\Evelyn\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Evelyn\AppData\Local\Temp\ydetect.exe
Task: {02A0EF55-BFF8-403B-8E9A-A504AEE71160} - System32\Tasks\Idle-#-Crawler Runner => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {3E92BA49-58F4-4F70-9DFA-CFBAC323E6F6} - System32\Tasks\ICJ => C:\Users\Evelyn\AppData\Roaming\ICJ.exe <==== ATTENTION
Task: {69E951CD-A22F-4FD1-9C9B-7B5A66F11831} - System32\Tasks\QZXZO => C:\Users\Evelyn\AppData\Roaming\QZXZO.exe <==== ATTENTION
Task: {F2C46006-BB73-43AD-818D-1A2F01ABBC6E} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: C:\Windows\Tasks\ICJ.job => C:\Users\Evelyn\AppData\Roaming\ICJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\QZXZO.job => C:\Users\Evelyn\AppData\Roaming\QZXZO.exe <==== ATTENTION
2014-09-09 13:46 - 2014-09-09 13:46 - 00104032 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00074848 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00048224 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00056928 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00146016 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00121952 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00111200 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll
2014-10-07 17:50 - 2014-07-21 04:38 - 00393728 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-10-07 17:50 - 2014-07-21 04:38 - 00788480 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dll
2014-10-07 17:50 - 2013-12-03 21:48 - 13586896 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\pepflashplayer.dll
2014-11-17 19:43 - 2014-11-17 19:43 - 01668928 _____ (CompuClever Systems Inc.) C:\Users\Evelyn\Downloads\Unconfirmed 835002.crdownload
2014-11-17 19:41 - 2014-11-17 19:41 - 01668928 _____ (CompuClever Systems Inc.) C:\Users\Evelyn\Downloads\Unconfirmed 539029.crdownload
2014-11-17 16:16 - 2014-11-17 16:16 - 00253781 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 686159.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00342982 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 261311.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00299280 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 859083.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00299280 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 255607.crdownload
2014-11-14 10:19 - 2014-11-14 10:19 - 00170956 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 599022.crdownload
2014-11-12 17:08 - 2014-11-12 17:08 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 963323.crdownload
2014-11-12 16:32 - 2014-11-12 16:32 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 366177.crdownload
2014-11-12 16:30 - 2014-11-12 16:30 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 644694.crdownload
2014-11-12 16:30 - 2014-11-12 16:30 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 378915.crdownload
2014-11-12 16:29 - 2014-11-12 16:29 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 735447.crdownload
2014-11-12 16:28 - 2014-11-12 16:28 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 71714.crdownload
2014-11-12 14:33 - 2014-11-12 14:33 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 454724.crdownload
2014-11-12 13:38 - 2014-11-12 13:38 - 00078456 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 737003.crdownload
2014-11-12 09:35 - 2014-11-12 09:35 - 00750544 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 194250.crdownload
2014-11-10 20:41 - 2014-11-10 20:41 - 00843088 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 570767.crdownload
2014-11-10 19:56 - 2014-11-10 19:56 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 623798.crdownload
2014-11-10 19:53 - 2014-11-10 19:53 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 153453.crdownload
2014-11-10 19:52 - 2014-11-10 19:52 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 61360.crdownload
2014-11-10 19:52 - 2014-11-10 19:52 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 324804.crdownload
2014-11-10 19:51 - 2014-11-10 19:51 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 711239.crdownload
2014-11-10 19:51 - 2014-11-10 19:51 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 451489.crdownload
2014-11-10 19:50 - 2014-11-10 19:50 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 11541.crdownload
2014-11-09 20:46 - 2014-11-09 20:46 - 00898600 _____ ( ) C:\Users\Evelyn\Downloads\Unconfirmed 859402.crdownload
2014-11-08 14:23 - 2014-11-08 14:23 - 00898600 _____ ( ) C:\Users\Evelyn\Downloads\Unconfirmed 125711.crdownload
2014-11-06 18:55 - 2014-11-06 18:55 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 29971.crdownload
2014-11-06 18:51 - 2014-11-06 18:51 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 442657.crdownload
2014-11-06 18:50 - 2014-11-06 18:50 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 217862.crdownload
2014-11-06 14:37 - 2014-11-06 14:37 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 326057.crdownload
2014-11-06 14:36 - 2014-11-06 14:36 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 233852.crdownload
2014-11-06 14:34 - 2014-11-06 14:34 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 657952.crdownload
2014-11-06 13:54 - 2014-11-06 13:54 - 00754512 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 194240.crdownload

Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

In your next reply post:
  • Fixlog.txt
  • Then post a new FRST SCAN.
Thanks
Joe :)
  • 0

#13
DXhound
Posted 19 November 2014 - 06:58 PM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Joe,

 

     There was a bit of another issue this morning when I tried to power up the computer.  I pressed the "ON" button and walked away for about 10 minutes.  When I came back, the computer was OFF.  I pressed the "ON" button again, the computer lights came on, the monitor started to come awake, and then the computer shut itself OFF.  I waited a minute and tried again, this time the computer booted up normally.  This has never happened before.

 

     Still, once the computer was fully booted, I proceeded to follow your last instructions and copied the text from the code box into Notepad and saved it as "Fixlist.txt" on the desktop.  I then ran the Farbar Recovery Scan Tool (as Administrator) from the Desktop.  The program has been running continuously now for just over 9 hours.  The status line at the top of the program says "Fixing is in progress.  Please wait . . . " 

 

     Should it be taking this long?

 

 

Clark


  • 0

#14
zep516
Posted 19 November 2014 - 07:59 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,092 posts
9 Hours, No. More like 45 seconds. I'd shut down the computer Start > Shut down> Then power it back up.

Also just to be clear you said:

copied the text from the code box into Notepad and saved it as "Fixlist.txt" on the desktop. I then ran the Farbar Recovery Scan Tool (as Administrator) from the Desktop.

Once you save the Fixlist.txt you should have then:
press the Fix button just once and wait.

I'm sure that is what you did, I just need to confirm that.

Joe

Let me know when you shut down and are back to the desktop.
  • 0

#15
DXhound
Posted 19 November 2014 - 08:30 PM

DXhound

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Joe,

 

     Yes, you are correct, I DID press the Fix Button and that's when FRST began running.  I just did not state that clearly.

 

     I now tried to stop the Farbar Recovery Scan Tool by clicking on the Close Box (to no avail) so I used Windows Task Manager to stop the Application.  Then I did a normal Shut Down (Start > Shut down>).

 

     Upon re-boot, I saw the "Fixlog.txt" file on the Desktop.  It is included below.  I then went ahead and did a Scan with FRST and the two files it created ("FRST.txt" and "Addition.txt") are also included below.

 

 

Clark

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Evelyn at 2014-11-19 11:33:12 Run:1
Running from C:\Users\Evelyn\Desktop
Loaded Profile: Evelyn (Available profiles: Evelyn)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
() C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM-x32 -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A} URL = http://www.ask.com/w...}&l=dis&o=ushpd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
2014-11-17 19:17 - 2014-09-13 11:18 - 00001336 _____ () C:\Windows\Tasks\ICJ.job
2014-11-17 17:24 - 2014-09-13 11:17 - 00001340 _____ () C:\Windows\Tasks\QZXZO.job
C:\Users\Evelyn\AppData\Local\Temp\BackupSetup.exe
C:\Users\Evelyn\AppData\Local\Temp\COMAP.EXE
C:\Users\Evelyn\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evelyn\AppData\Local\Temp\Quarantine.exe
C:\Users\Evelyn\AppData\Local\Temp\ydetect.exe
Task: {02A0EF55-BFF8-403B-8E9A-A504AEE71160} - System32\Tasks\Idle-#-Crawler Runner => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: {3E92BA49-58F4-4F70-9DFA-CFBAC323E6F6} - System32\Tasks\ICJ => C:\Users\Evelyn\AppData\Roaming\ICJ.exe <==== ATTENTION
Task: {69E951CD-A22F-4FD1-9C9B-7B5A66F11831} - System32\Tasks\QZXZO => C:\Users\Evelyn\AppData\Roaming\QZXZO.exe <==== ATTENTION
Task: {F2C46006-BB73-43AD-818D-1A2F01ABBC6E} - System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => %LOCALAPPDATA%\Idle-#-Crawler\Idle-#-Crawler.exe <==== ATTENTION
Task: C:\Windows\Tasks\ICJ.job => C:\Users\Evelyn\AppData\Roaming\ICJ.exe <==== ATTENTION
Task: C:\Windows\Tasks\QZXZO.job => C:\Users\Evelyn\AppData\Roaming\QZXZO.exe <==== ATTENTION
2014-09-09 13:46 - 2014-09-09 13:46 - 00104032 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00074848 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00048224 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00056928 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00146016 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll
2014-09-09 13:47 - 2014-09-09 13:47 - 00121952 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll
2014-09-09 13:46 - 2014-09-09 13:46 - 00111200 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll
2014-10-07 17:50 - 2014-07-21 04:38 - 00393728 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-10-07 17:50 - 2014-07-21 04:38 - 00788480 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dll
2014-10-07 17:50 - 2013-12-03 21:48 - 13586896 _____ () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\pepflashplayer.dll
2014-11-17 19:43 - 2014-11-17 19:43 - 01668928 _____ (CompuClever Systems Inc.) C:\Users\Evelyn\Downloads\Unconfirmed 835002.crdownload
2014-11-17 19:41 - 2014-11-17 19:41 - 01668928 _____ (CompuClever Systems Inc.) C:\Users\Evelyn\Downloads\Unconfirmed 539029.crdownload
2014-11-17 16:16 - 2014-11-17 16:16 - 00253781 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 686159.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00342982 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 261311.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00299280 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 859083.crdownload
2014-11-15 23:34 - 2014-11-15 23:34 - 00299280 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 255607.crdownload
2014-11-14 10:19 - 2014-11-14 10:19 - 00170956 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 599022.crdownload
2014-11-12 17:08 - 2014-11-12 17:08 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 963323.crdownload
2014-11-12 16:32 - 2014-11-12 16:32 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 366177.crdownload
2014-11-12 16:30 - 2014-11-12 16:30 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 644694.crdownload
2014-11-12 16:30 - 2014-11-12 16:30 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 378915.crdownload
2014-11-12 16:29 - 2014-11-12 16:29 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 735447.crdownload
2014-11-12 16:28 - 2014-11-12 16:28 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 71714.crdownload
2014-11-12 14:33 - 2014-11-12 14:33 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 454724.crdownload
2014-11-12 13:38 - 2014-11-12 13:38 - 00078456 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 737003.crdownload
2014-11-12 09:35 - 2014-11-12 09:35 - 00750544 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 194250.crdownload
2014-11-10 20:41 - 2014-11-10 20:41 - 00843088 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 570767.crdownload
2014-11-10 19:56 - 2014-11-10 19:56 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 623798.crdownload
2014-11-10 19:53 - 2014-11-10 19:53 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 153453.crdownload
2014-11-10 19:52 - 2014-11-10 19:52 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 61360.crdownload
2014-11-10 19:52 - 2014-11-10 19:52 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 324804.crdownload
2014-11-10 19:51 - 2014-11-10 19:51 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 711239.crdownload
2014-11-10 19:51 - 2014-11-10 19:51 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 451489.crdownload
2014-11-10 19:50 - 2014-11-10 19:50 - 00344312 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 11541.crdownload
2014-11-09 20:46 - 2014-11-09 20:46 - 00898600 _____ ( ) C:\Users\Evelyn\Downloads\Unconfirmed 859402.crdownload
2014-11-08 14:23 - 2014-11-08 14:23 - 00898600 _____ ( ) C:\Users\Evelyn\Downloads\Unconfirmed 125711.crdownload
2014-11-06 18:55 - 2014-11-06 18:55 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 29971.crdownload
2014-11-06 18:51 - 2014-11-06 18:51 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 442657.crdownload
2014-11-06 18:50 - 2014-11-06 18:50 - 00640536 _____ (© 2014 ClientConnect Ltd.) C:\Users\Evelyn\Downloads\Unconfirmed 217862.crdownload
2014-11-06 14:37 - 2014-11-06 14:37 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 326057.crdownload
2014-11-06 14:36 - 2014-11-06 14:36 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 233852.crdownload
2014-11-06 14:34 - 2014-11-06 14:34 - 02067368 _____ (InstallX, LLC) C:\Users\Evelyn\Downloads\Unconfirmed 657952.crdownload
2014-11-06 13:54 - 2014-11-06 13:54 - 00754512 _____ () C:\Users\Evelyn\Downloads\Unconfirmed 194240.crdownload

Emptytemp:
reboot:
end
*****************

Processes closed successfully.
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}" => Key not found.
"HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}" => Key not found.
"HKCR\CLSID\{3A7A50E4-F316-42DE-A7FA-BACBD0CFBE0A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"C:\Windows\Tasks\ICJ.job" => File/Directory not found.
"C:\Windows\Tasks\QZXZO.job" => File/Directory not found.
C:\Users\Evelyn\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Evelyn\AppData\Local\Temp\ydetect.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02A0EF55-BFF8-403B-8E9A-A504AEE71160}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A0EF55-BFF8-403B-8E9A-A504AEE71160}" => Key deleted successfully.
C:\Windows\System32\Tasks\Idle-#-Crawler Runner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle-#-Crawler Runner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E92BA49-58F4-4F70-9DFA-CFBAC323E6F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E92BA49-58F4-4F70-9DFA-CFBAC323E6F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\ICJ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ICJ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69E951CD-A22F-4FD1-9C9B-7B5A66F11831}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69E951CD-A22F-4FD1-9C9B-7B5A66F11831}" => Key deleted successfully.
C:\Windows\System32\Tasks\QZXZO => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QZXZO" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2C46006-BB73-43AD-818D-1A2F01ABBC6E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2C46006-BB73-43AD-818D-1A2F01ABBC6E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle-#-Crawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle-#-Crawler Update" => Key deleted successfully.
C:\Windows\Tasks\ICJ.job not found.
C:\Windows\Tasks\QZXZO.job not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\ManXec.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmdProc.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\PrfIns.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WbSes.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WdcMan.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\WblSupp.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Modules\CmnUtls.dll" => File/Directory not found.
"C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ppGoogleNaClPluginChrome.dll" => File/Directory not found.
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\ffmpegsumo.dll => Moved successfully.
C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Chrome-bin\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 835002.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 539029.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 686159.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 261311.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 859083.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 255607.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 599022.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 963323.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 366177.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 644694.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 378915.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 735447.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 71714.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 454724.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 737003.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 194250.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 570767.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 623798.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 153453.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 61360.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 324804.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 711239.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 451489.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 11541.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 859402.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 125711.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 29971.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 442657.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 217862.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 326057.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 233852.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 657952.crdownload => Moved successfully.
C:\Users\Evelyn\Downloads\Unconfirmed 194240.crdownload => Moved successfully.
 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Evelyn (administrator) on HP-KITCHEN on 19-11-2014 21:21:03
Running from C:\Users\Evelyn\Desktop
Loaded Profile: Evelyn (Available profiles: Evelyn)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Bing Bar] => C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe [243544 2010-04-13] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-13] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\...\Run: [KeePass Password Safe] => C:\Program Files (x86)\KeePass Password Safe\KeePass.exe [2000384 2012-09-01] (Dominik Reichl)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Evelyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...ast&type=odc089
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...ast&type=odc089
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM -> {CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 -> {8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {8CAC0D6F-55D7-47E1-B7D5-A6737220A8BA} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2859361257-3486943005-2507746264-1000 -> {CAFA2C89-E2FF-4BD2-BE32-17BFB33D5293} URL = http://en.wikipedia....h={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.8.4 208.180.42.68

FireFox:
========
FF ProfilePath: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://www.yahoo.co...ast&type=odc089
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2859361257-3486943005-2507746264-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
FF SearchPlugin: C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\searchplugins\yahoo-avast.xml
FF Extension: Cooliris - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\Extensions\[email protected] [2014-08-12]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Evelyn\AppData\Roaming\Mozilla\Firefox\Profiles\afzobgxi.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2014-08-12]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010-09-11]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2010-09-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-13]
FF Extension: No Name - [email protected] [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-13] (AVAST Software)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-06-10] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-13] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 21:21 - 2014-11-19 21:21 - 00015704 _____ () C:\Users\Evelyn\Desktop\FRST.txt
2014-11-19 11:31 - 2014-11-19 11:31 - 00007063 _____ () C:\Users\Evelyn\Desktop\Fixlist.txt
2014-11-17 23:37 - 2014-11-17 23:37 - 00000000 ____D () C:\_OTL
2014-11-17 22:12 - 2014-11-19 21:21 - 00000000 ____D () C:\FRST
2014-11-17 22:11 - 2014-11-17 22:11 - 02117120 _____ (Farbar) C:\Users\Evelyn\Desktop\FRST64.exe
2014-11-13 15:33 - 2014-11-13 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 21:17 - 2014-11-10 21:17 - 00017784 _____ () C:\Users\Evelyn\Downloads\news-1.rss
2014-11-09 18:30 - 2014-11-09 18:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-09 18:30 - 2014-11-09 18:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-09 18:30 - 2014-11-09 18:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-09 18:30 - 2014-11-09 18:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-09 18:30 - 2014-11-09 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-09 18:30 - 2014-11-09 18:30 - 00000000 ____D () C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-19 21:18 - 2014-08-13 16:17 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-11-19 21:18 - 2010-09-11 04:31 - 00213954 _____ () C:\Windows\PFRO.log
2014-11-19 21:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 21:18 - 2009-07-13 23:51 - 00039445 _____ () C:\Windows\setupact.log
2014-11-19 21:17 - 2010-09-11 02:08 - 00498643 _____ () C:\Windows\WindowsUpdate.log
2014-11-19 11:31 - 2009-07-13 23:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-19 11:31 - 2009-07-13 23:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-19 11:30 - 2009-07-14 00:13 - 00714754 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 23:37 - 2014-09-13 11:19 - 00000000 ____D () C:\Users\Evelyn\AppData\Local\Idle-#-Crawler
2014-11-17 23:30 - 2012-11-09 20:02 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-17 23:30 - 2012-11-09 20:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-17 17:24 - 2012-07-27 15:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-13 09:20 - 2014-09-13 11:11 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-09 18:30 - 2014-02-06 20:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-24 16:22 - 2014-10-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-18 09:10

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Evelyn at 2014-11-19 21:21:48
Running from C:\Users\Evelyn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
HPAsset component for HP Active Support Library (HKLM-x32\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.2.2 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-2859361257-3486943005-2507746264-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 en-US)) (Version: 31.2.0 - Mozilla)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-09-2014 00:09:14 Scheduled Checkpoint
24-09-2014 13:37:58 HPSF Restore Point
08-10-2014 01:06:52 Scheduled Checkpoint
06-11-2014 17:24:44 Scheduled Checkpoint
09-11-2014 23:29:11 Installed Java 7 Update 71
18-11-2014 04:37:24 OTL Restore Point - 11/17/2014 11:37:16 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {63E4176A-2A47-4B5E-BF5D-43027EC7F6A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-10-07] (Microsoft)
Task: {6D640D5E-1916-4ABF-BF88-B840BD54BDF5} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {79469CA5-19BF-4D93-87A5-FA1E2919C9D4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-13] (AVAST Software)
Task: {86BF7F4C-D2B2-4FC5-8426-0F8FC0E13CE2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-10] (Hewlett-Packard Company)
Task: {8F29D7E1-307A-4784-A0BD-84FBECA13959} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {976EAB81-2C28-46F5-AB05-0E7BD52A8634} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-07] (Microsoft)
Task: {9956FFB6-664D-4967-88E6-146C364544E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-06-10] (Hewlett-Packard Company)
Task: {A6424191-0B47-4986-B75C-1497E50EEB7B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

==================== Loaded Modules (whitelisted) =============

2014-02-15 14:40 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2009-06-08 18:45 - 2009-06-08 18:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-09-11 02:11 - 2010-09-11 02:11 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-13 11:11 - 2014-09-13 11:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-19 15:26 - 2014-11-19 15:26 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll
2011-01-20 03:46 - 2010-06-17 19:00 - 12286520 _____ () C:\Users\Evelyn\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2011-01-20 03:46 - 2010-06-17 19:11 - 01699384 _____ () C:\Users\Evelyn\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2014-02-15 14:40 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-09-13 11:11 - 2014-09-13 11:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2859361257-3486943005-2507746264-500 - Administrator - Disabled)
Evelyn (S-1-5-21-2859361257-3486943005-2507746264-1000 - Administrator - Enabled) => C:\Users\Evelyn
Guest (S-1-5-21-2859361257-3486943005-2507746264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2859361257-3486943005-2507746264-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2014 09:17:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a64

Start Time: 01d004167d1176c5

Termination Time: 250

Application Path: C:\Users\Evelyn\Desktop\FRST64.exe

Report Id:

Error: (11/18/2014 09:11:47 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (11/18/2014 09:10:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/18/2014 00:03:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OTL.exe, version: 3.2.69.0, time stamp: 0x2a425e19
Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc0020043
Fault offset: 0x0005cd59
Faulting process id: 0xb9c
Faulting application start time: 0xOTL.exe0
Faulting application path: OTL.exe1
Faulting module path: OTL.exe2
Report Id: OTL.exe3

Error: (11/17/2014 01:51:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/15/2014 05:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Idle-#-Crawler.exe, version: 0.0.0.0, time stamp: 0x540f4747
Faulting module name: kernel32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbde
Exception code: 0xc00000fd
Fault offset: 0x00011928
Faulting process id: 0x134c
Faulting application start time: 0xIdle-#-Crawler.exe0
Faulting application path: Idle-#-Crawler.exe1
Faulting module path: Idle-#-Crawler.exe2
Report Id: Idle-#-Crawler.exe3

Error: (11/15/2014 03:47:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/14/2014 09:31:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/13/2014 03:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Idle-#-Crawler.exe, version: 0.0.0.0, time stamp: 0x540f4747
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb3b
Exception code: 0xc00000fd
Fault offset: 0x0001fa6b
Faulting process id: 0x216c
Faulting application start time: 0xIdle-#-Crawler.exe0
Faulting application path: Idle-#-Crawler.exe1
Faulting module path: Idle-#-Crawler.exe2
Report Id: Idle-#-Crawler.exe3

Error: (11/13/2014 09:29:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).


System errors:
=============
Error: (11/19/2014 11:33:42 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/19/2014 11:33:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Health Check Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/19/2014 11:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Document Manager service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/19/2014 09:17:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe17.11.2014.0a6401d004167d1176c5250C:\Users\Evelyn\Desktop\FRST64.exe

Error: (11/18/2014 09:11:47 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll2

Error: (11/18/2014 09:10:58 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/18/2014 00:03:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OTL.exe3.2.69.02a425e19RPCRT4.dll6.1.7600.163854a5bdb3bc00200430005cd59b9c01d002e8e196f0abC:\Downloads\OTL by OldTimer\OTL.exeC:\Windows\syswow64\RPCRT4.dll4186ecf5-6ee0-11e4-9146-d485649ff0d0

Error: (11/17/2014 01:51:57 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/15/2014 05:34:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Idle-#-Crawler.exe0.0.0.0540f4747kernel32.dll6.1.7600.163854a5bdbdec00000fd00011928134c01d00113ffcd57e5C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exeC:\Windows\syswow64\kernel32.dll9d542be6-6d17-11e4-8838-d485649ff0d0

Error: (11/15/2014 03:47:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/14/2014 09:31:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).

Error: (11/13/2014 03:21:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Idle-#-Crawler.exe0.0.0.0540f4747ntdll.dll6.1.7600.163854a5bdb3bc00000fd0001fa6b216c01cfff7e61646974C:\Users\Evelyn\AppData\Local\Idle-#-Crawler\Idle-#-Crawler.exeC:\Windows\SysWOW64\ntdll.dllab2c6169-6b72-11e4-a74c-d485649ff0d0

Error: (11/13/2014 09:29:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: HTTP status 404: The requested URL does not exist on the server.
 ErrorCode: 14007(0x36b7).


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 43%
Total physical RAM: 2815.29 MB
Available physical RAM: 1583.91 MB
Total Pagefile: 5628.71 MB
Available Pagefile: 4243.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:513.44 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 917BAFD3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=584 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: chrome.exe *32, IdleCrawler

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP